A report by a cybersecurity firm, Surfshark, has revealed that Nigeria recorded about 24.1 million compromised user accounts since 2004, making it the third most affected country in Sub-Saharan Africa

The report, which analysed global data breach trends for the first quarter of 2026, showed that Nigeria recorded 281,500 leaked accounts between January and March 2026, making the country the 34th most breached nation globally during the period under review.

Globally, the report revealed that 210.3 million accounts were breached in the first quarter of 2026, representing a sharp increase compared to previous periods.

The United States accounted for 29 per cent of all reported breaches worldwide, followed by France, India, Brazil and the United Kingdom.

According to the report, cyber threats targeting Nigerian users have continued to intensify over the years, exposing millions of individuals to risks such as identity theft, account hijacking, extortion and financial fraud.

Surfshark disclosed that about 7.5 million unique email addresses linked to Nigerian users have been exposed since 2004, while approximately 13 million passwords were leaked alongside compromised accounts.

The report noted that more than half of breached Nigerian users remain vulnerable to cyber-related crimes.

“Statistically, 10 out of 100 Nigerian people have been affected by data breaches,” the report stated.

It also stated that leaked data linked to Nigerian users included highly sensitive information such as Social Security-related records, payment card details, residential addresses, and personal contact information.

According to the report, about 3,900 Social Security-related records and 1,600 payment card details were exposed, alongside 1.9 million phone numbers and more than 925,000 residential addresses.

Similarly, the National Information Technology Development Agency (NITDA), has warned Nigerians about DeepLoad malware targeting banks, government agencies and businesses through deceptive online attacks.

The new artificial intelligence-powered malware known as “DeepLoad,” according to NITDA is a cyber threat actively targeting Nigerian government agencies, financial institutions, businesses and individuals.

The agency disclosed this in a critical advisory issued through its Computer Emergency Readiness and Response Team (CERRT.NG).

According to NITDA, DeepLoad is an AI-enhanced malware strain designed to infiltrate systems, steal sensitive information and evade conventional antivirus detection systems.

“The malware is distributed through a social engineering technique involving fake website error. Once executed, DeepLoad silently installs itself, harvests stored credentials and sensitive data from major browsers, and leverages artificial intelligence to evade antivirus detection.”

The agency warned that one of the most dangerous features of the malware is its ability to remain active even after attempted removal.

“Critically, the malware incorporates a hidden WMI-based persistence mechanism capable of reactivating the infection up to three days after apparent removal,” it stated.

According to NITDA, a successful DeepLoad infection could grant cybercriminals unauthorised access to bank accounts, mobile money services and payment cards, while also enabling the theft of passwords, documents and sensitive personal information stored on web browsers.

To prevent infections, NITDA advised Nigerians never to paste commands from websites into their computers, noting that legitimate software providers do not request such actions.

The agency also cautioned users against opening suspicious files such as “Chrome Setup” or “Firefox Installer” from USB drives while all external storage devices be scanned with antivirus software before use.

NITDA further recommended enabling two-factor authentication on important accounts to avoid storage of banking passwords directly on web browsers.