Just caught up on something pretty significant happening in Nigeria's regulatory space that doesn't get enough attention. The NDPC is now formally investigating the CAC cyberattack, and honestly, the pattern emerging here is worth paying attention to if you're operating in or dealing with Nigerian financial infrastructure.

So here's what went down. CAC confirmed unauthorized access to parts of its systems on April 15, and by April 17 the National Data Protection Commission formally launched an investigation. Dr Vincent Olatunji, the NDPC's National Commissioner, has directed their technical team to dig into access controls, data privacy assessments, and security vulnerabilities. They're also checking third-party processors connected to CAC's infrastructure. The commission is clearly treating this seriously under Section 46(3) of the Nigeria Data Protection Act 2023.

But what's interesting is this isn't an isolated incident. Just a week before the CAC breach, the NDPC was already investigating alleged compromises at Remita Payment Services and Sterling Bank. A threat actor claiming responsibility said they extracted sensitive customer data including BVNs and KYC documents. So we're looking at a concentrated pattern of data breaches hitting critical Nigerian institutions in succession.

The stakes here are real. CAC manages Nigeria's entire corporate registry and business registration system. If this breach exposed records of millions of registered businesses and their directors, we're talking about foundational economic data for the country. The NDPC's statement highlighted that threat actors are using increasingly sophisticated tactics now—large-scale data extraction combined with coordinated attacks across interconnected systems.

What's the regulatory response? The NDPC is basically saying Nigeria's data protection framework is sound, but they're clearly in damage control mode. They're pushing for stronger data security measures across institutions and reassuring the public that the broader digital economy infrastructure remains trustworthy. CAC has advised users to monitor their portal records, update credentials, and watch for suspicious communications.

This whole situation underscores something important: data breaches are becoming more frequent and coordinated against institutional targets. If you're involved in any way with Nigerian financial or business systems, this is worth monitoring closely as the investigation unfolds.