The Corporate Affairs Commission (CAC), Nigeria’s official company registry, confirmed Wednesday a cybersecurity breach exposing sensitive data of millions of registered businesses. The incident marks one of the largest known attacks on Nigerian government digital infrastructure in recent years.
According to cybersecurity analysts monitoring the situation, the breach likely occurred through compromised administrator credentials at a third-party vendor. ‘When you see this scale of data exposure, it typically points to systemic vulnerabilities rather than a simple hack,’ said a Lagos-based security consultant who requested anonymity due to ongoing forensic work.
The CAC acknowledged the breach in a terse statement, noting it had ‘initiated containment protocols’ and was working with the Nigerian Data Protection Commission. Officials declined to specify whether ransomware was involved or if citizen identity documents were compromised.
This incident follows warnings from the African Union’s cybersecurity unit about rising attacks on corporate registries across the continent. Last month, Ghana’s registrar general reported a similar breach affecting 500,000 entities.
Financial experts warn the breach could undermine Nigeria’s push for foreign investment. ‘Corporate registries form the bedrock of business verification,’ noted an economist at Chapel Hill Denham. ‘This creates due diligence headaches for any firm looking at Nigerian partnerships.’