NITDA urges firms to disclose cyberattacks promptly

The National Information Technology Development Agency on Thursday urged organisations to stop concealing cyberattacks, following a recent breach that affected a bank and extended to connected platforms, including Remita.

The agency warned that hiding such incidents increases risks for other organisations in Nigeria’s increasingly interconnected digital ecosystem.

The Nigeria Data Protection Commission is investigating the incident, which reportedly involved the compromise of sensitive customer data and highlighted vulnerabilities in the country’s digital financial infrastructure.

“Our main focus is deepening synergy among stakeholders,” NITDA Director-General Kashifu Abdullahi said in an interview at GITEX Africa in Morocco.

“The mindset that organisations should hide attacks to protect their reputation must change. They may not need to make incidents public, but they should share intelligence so others can protect themselves.”

He warned that the cyber-threat landscape is becoming increasingly dangerous due to artificial intelligence and rising digital interconnectivity.

“If one organisation is compromised, it can become a launch pad to attack others,” he said, adding that NITDA is working closely with national institutions and its supervising ministry to strengthen coordination.

On Sunday, the NDPC announced it was investigating the alleged data breaches, seeking both to safeguard affected individuals and to identify measures to prevent future incidents.

“The investigation aims to ensure that data subjects are protected with appropriate technical and organisational measures. The investigation covers, among other things, the types of personal data involved, the nature and scope of the alleged breach, the risk to data subjects, and the mitigation measures carried out where a breach is confirmed,” the statement read.

The commission added that firms operating digital payment systems without adequate technical or organisational safeguards will come under scrutiny as part of a broader push to protect the integrity of the ecosystem.

“The commission’s National Commissioner/CEO, Dr Vincent Olatunji, has directed that organisations employing digital payment systems without appropriate technical and organisational measures as mandated under the Nigeria Data Protection Act, 2023, will also be examined as part of a wider effort to ensure the integrity of the ecosystem,” the statement concluded.