Back

Corporate Affairs Commission Data Breach Exposes Millions of Business Records

Severity: High (Score: 71.0)

Sources: Marketingedge.Ng, Gazettengr, Dailytrust, Saharareporters, Dailypost.Ng

Summary

On April 15, 2026, the Corporate Affairs Commission (CAC) of Nigeria confirmed a data breach that compromised limited aspects of its information systems, potentially exposing sensitive data for millions of registered businesses. This incident marks the third major cyberattack reported by Nigerian institutions within two weeks, following breaches at Remita Payment Services and Sterling Bank. The breach raises significant concerns as CAC processes approximately 10,000 business registration requests daily and handles 5,000 customer inquiries, creating a vast attack surface. The exposed data includes personal details of directors, shareholders, and corporate governance documents, which could facilitate identity theft and fraudulent activities. Stakeholders have been advised to monitor their records, update login credentials, and remain vigilant against phishing attempts. The CAC is collaborating with the National Information Technology Development Agency (NITDA) and other agencies to assess the breach's impact and implement containment measures. The breach highlights systemic vulnerabilities in Nigeria's public sector as digital services expand without adequate cybersecurity infrastructure. Key Points: • CAC confirmed a data breach affecting millions of registered businesses in Nigeria. • The breach follows similar incidents at Remita Payment Services and Sterling Bank. • Stakeholders are advised to monitor records and update login credentials due to potential identity theft.

Key Entities

  • Data Breach (attack_type)
  • Phishing (attack_type)
  • Corporate Affairs Commission (company)
  • Nigeria Data Protection Commission (company)
  • PRNigeria (company)
  • Remita Payment Services (company)
  • Sterling Bank (company)
  • Japan (country)
  • Nigeria (country)
  • CWE-200 - Exposure of Sensitive Information (cwe)
  • Financial (industry)
  • Government (industry)
  • Technology (industry)
  • T1566 - Phishing (mitre_attack)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed