The Nigeria Data Protection Commission (NDPC) has launched an investigation into a reported data breach involving the Corporate Affairs Commission (CAC).

The investigation is being conducted pursuant to Section 46(3) of the Nigeria Data Protection Act, 2023 (NDP Act), and the Commission says it underscores the importance of maintaining trust and integrity within Nigeria’s digital and economic ecosystem.

According to the NDPC, it is concerned that threat actors in the digital space are continuously developing malicious methods to compromise the security architecture of key national databases.

“The investigation of the instant case will, inter alia, cover the procedures and outcomes of Access Control Mechanisms, Data Privacy Impact Assessments, Vulnerability Assessment and Penetration Testing (VAPT), as well as due diligence on third-party data processors,” the Commission stated.

The NDPC assured the public that Nigeria’s data protection frameworks, both in terms of technology and institutional capacity, remain fundamentally strong, noting that the growing adoption of data-driven services reflects continued public trust in digital systems.