As digital development and adoption continue to deepen in Nigeria, concerns about the country’s Data Security have been a major topic for discussion among the general public. Numerous industries, including banking, telecommunications, government, and healthcare, have experienced data breaches. The country has seen a rise in reported data breaches in recent years, partly as a result of the country’s rapidly expanding internet and digital service penetration. According to the most recent survey conducted by Surfshark, a cybersecurity firm, there was a 64 percent increase in data breach incidents in Nigeria in the first quarter of 2023.
Between January and March of this year, Nigeria recorded 82,000 occurrences of data breaches, up from 50,000 in Q4 2022, as per the report. As a result, the nation was placed 32nd globally on the list of nations where hackers have gained unauthorized access. The Nigeria Data Protection Bureau (NDPB) said in February that it was looking into claims of data breaches at over 110 Nigerian companies. Major telecom providers, government entities, and financial institutions have all been involved in some notable data breaches in Nigeria.
Government vital database are being compromised.
Thousands of residents’ personal information was compromised in a data breach that jolted the Plateau State Contributory Health Care Management Agency (PLASCHEMA) in July 2022. Sensitive business communications, Trade secrets, and intellectual property have been revealed by breaches that have affected Nigerian organizations, especially SMEs. There have been notable breaches in the telecommunications industry. Prominent telecom carriers such as MTN and Airtel have reported Security breaches involving compromised user data that have led to fraudulent actions and unauthorized SIM swaps.
There have also been instances of compromised government databases, particularly those holding voters and public personal information. This jeopardizes not just personal privacy but also the credibility of government operations. In June, the disclosure of the alleged illegal selling of millions of Nigerians’ National Identity Numbers (NINs) for fees online, including that of Minister of Communications and Digital Economy Bosun Tijani, gave this issue further weight. Among other worrying incidents, this one brought to light vulnerabilities in Nigeria’s data protection systems, especially with regard to how personal information about its citizens is managed.
Data privacy violations have far-reaching consequences.
Implications of these Data Privacy violations have far-reaching consequences such as economic ramification, reputational harm to businesses, and monetary losses for both individuals and businesses. At its core, it directly jeopardizes the basic right to privacy that the Nigeria Data Protection Act (NDPA) 2023 guarantees to Nigerian individuals. In Nigeria, cyberattacks—including data breaches—have become more frequent. According to a 2022 research by cybersecurity company Sophos, ransomware assaults were reported by 71 percent of Nigerian organizations, and many of these attacks resulted in data breaches.
One of the main targets is the financial sector, with reports by The Central Bank of Nigeria (CBN) reported that in 2020 alone, Nigerian banks lost over ₦5.5 billion (about $14.6 million) to electronic Fraud and cyberattacks, with part of these losses related to data breaches. According to a Deloitte analysis from 2021, 91 percent of Nigerian businesses, especially SMEs, had experienced at least one cybersecurity breach that had a major negative influence on their business’s operations and earnings. Nigeria was one of the most frequently targeted countries in Africa in 2021 for ransomware attacks, several of which resulted in serious data compromise.
Related Article: Ensuring data privacy & protection in Nigeria
With the startling increase trend of data breaches in Nigeria and possible consequences, proactive steps are required to safeguard sensitive data. A few Nigerian businesses have begun to make investments in cybersecurity protections. In addition, the government has passed the Nigeria Data Protection Act 2023, expanding upon the fundamental guidelines established by the Nigeria Data Protection Regulation (NDPR) of 2019. However, regulation enforcement and compliance continue to be challenging despite attempts. Nigeria’s cybersecurity Infrastructure is still in its early stages of development, which makes it challenging to defend against sophisticated cyberattacks.