Nigeria Data Protection Bureau (the Bureau) has commenced investigations into reports of breach of data privacy involving two major data controllers in Nigeria, namely; Wema Bank PLC and KC Gaming Networks (Bet9ja).
Wema Bank is on NDPB’s radar after allegations that the bank and its agents have been opening unauthorised accounts for customers with information sourced from their Bank Verification Number (BVN) details.
On the other hand, the Nigerian betting platform Bet9ja suffered a ransomware attack perpetrated by the BlackCat ransomware group on April 6, which the company confirmed two days after the attack.
BlackCat group is regarded as the successor to BlackMatter and REvil gangs that target corporate environments with customisable ransomware. READ MORE.
Mr. Babatunde Bamigboye, the Legal, Enforcement & Regulations Lead at NDPB confirmed the development.
He said that Wema Bank and Bet9ja are under investigation in line with Section 37 of the 1999 Constitution and the provisions of Nigeria Data Protection Regulation (NDPR) 2019 – particularly Articles 2.1(2)-(3), 2.6 and Article 4 of the NDPR.
“It will be recalled that sometime in May 2022, some customers of Wema Bank PLC complained of breach of their rights to data privacy and protection by the Bank. This data processing, according to the complaints against the Bank, involves using their personal data to open accounts.
“The Bureau is also investigating report of breach of data privacy at KC Gaming Networks. The breach in this case involved alleged external attack on the KC Gaming Networks.
“At this stage, the objectives of these investigations as directed by the National Commissioner/CEO of the Bureau, Dr. Vincent Olatunji, are to determine the impact of the breaches on the affected data subjects and the remedial actions taken by the concerned data controllers. The Bureau assures members of the general public that it will ensure proper accountability of the data controllers in the ongoing investigations”, Bamigboye said.