Avocats Sans Frontières France, Nigeria (Lawyers Without Borders) has expressed concerns regarding the recent large-scale data breach at the Corporate Affairs Commission (CAC).

Reports indicate that a significant volume of sensitive data, including handwritten signatures, national identity documents, and passport photographs of Nigerian entrepreneurs, has been compromised by the threat actor “ByteToBreach.”

Reacting to this development, Country Director, Avocats Sans Frontières France, Angela Uwandu Uzoma-Iwuchukwu, noted that the incident represented more than a technical failure but a serious challenge to the Right to Privacy guaranteed under Section 37 of the 1999 Constitution and the statutory obligations established by the Nigeria Data Protection Act (NDPA) 2023.

According to her, the current approach adopted by the CAC to public communication regarding the crisis is concerning.

While the body acknowledges the commission’s confirmation of unauthorised access, it lists the areas that require urgent improvement to include comprehensive disclosure, clarity of communication, and victim notification protocols.

To restore trust in Nigeria’s digital economy, ASF France called for an immediate, third-party audit of the CAC’s cybersecurity infrastructure, with findings presented to the National Assembly.

It also called on the NDPC to exercise its mandate by investigating the breach thoroughly and applying appropriate sanctions to ensure state agencies adhere to the same standards as private entities.

According to the rights group, CAC should transition toward secure digital signatures and reduce the collection of high-risk physical biometric data and explore insurance or indemnity frameworks to protect citizens against the long-term risks of identity fraud resulting from this breach.