The Nigeria Data Protection Commission said it has initiated an investigation into the reported data breach at the Corporate Affairs Commission.
NDPC said the investigation of CAC is in pursuant to Section 46(3) of the Nigeria Data Protection Act, 2023 (NDP Act).
The Commission said this investigation underscores the importance of fostering trust in Nigeria’s economic environment.
The NDPC notes with concern that threat actors in the digital space have devised malicious methods of compromising the data security architecture of key databases.
These involve large-scale data exfiltration and cross-platform compromise across interconnected systems.
As part of a continuum of regulatory support measures, Dr Vincent Olutunji, the National Commissioner/CEO of the NDPC, has directed the Commission’s technical team to immediately interface with relevant authorities and pivotal organisations, with a view to reinforcing existing guardrails for the processing of personal data.
According to Babatunde Bamigboye, head, Legal, Enforcement & Regulations, NDPC, the investigation of the instant case will, inter alia, cover the procedures and outcomes of Access Control Mechanisms, Data Privacy Impact Assessments, Vulnerability Assessment and Penetration Testing (VAPT), as well as due diligence on third-party data processors.
The NDPC assures members of the general public that frameworks for data protection, in terms of technology and other requisite resources in Nigeria, remain fundamentally strong. This is evident in the increasing rate of access to data-driven services.
“The ongoing efforts of the NDPC are necessary regulatory actions geared towards sustaining public trust in these services and bolstering continuous investment in Nigeria’s digital economy”, he said.
