The federal government has intensified efforts to strengthen Nigeria’s digital security architecture, unveiling plans for a multi-stakeholder Cybersecurity Coordination Council even as the Nigeria Data Protection Commission (NDPC) investigate a potential data breach involving key players in the country’s payments ecosystem.
Bosun Tijani, the minister of communications, innovation and digital economy, confirmed that the government is pursuing a collaborative framework that brings together public institutions, private sector operators and civil society.
The proposed council is expected to serve as a central coordinating body for cybersecurity strategy, threat intelligence sharing and incident response, as Nigeria faces rising digital vulnerabilities amid rapid fintech and digital economy expansion.
“Cybersecurity is a shared national responsibility,” Tijani said, emphasising that safeguarding Nigeria’s digital economy would depend on “strong partnerships, trusted collaboration, and collective vigilance across government, industry, and civil society.”
The initiative reflects a policy shift toward co-regulation and ecosystem-wide accountability, particularly as financial services, telecommunications and public infrastructure become increasingly digitised.
The initiative comes against the backdrop of an ongoing investigation by the NDPC into an alleged data breach involving Remita Payment Services Ltd., Sterling Bank and other entities.
According to a statement signed by Babatunde Bamigboye, head of legal, enforcement and regulations at the Commission, a formal notice of investigation was issued on April 1, 2026, with affected parties already submitting information.
The statement read: “The Nigeria Data Protection Commission (NDPC) is carrying out an investigation into an alleged data breach involving Remita Payment Services Ltd., Sterling Bank and other entities. In line with the Commission’s procedure, Notice of Investigation was duly served on the 1st of April, 2026. Relevant parties and individuals have been providing information for the purpose of addressing the incident.”
“The aim of the investigation is to ensure that data subjects are protected with appropriate technical and organisational measures. The investigation by NDPC covers, among others, the types of personal data involved, the nature and scope of the alleged breach, the risk to data subjects and the mitigation measures carried out where a breach is confirmed.”
“The Commission’s National Commissioner/CEO, Dr Vincent Olatunji, has directed that organisations that employ digital payment systems without putting in place appropriate technical and organisational measures as mandated under the Nigeria Data Protection Act, 2023 (NDP Act), will also be examined as part of a wider effort to ensure the integrity of the ecosystem.”
