A major data breach has exposed Nigerians’ BVNs and personal details on government websites, including those of the CBN and Edo State, violating data laws.
Several Nigerian government websites—including those of the CBN and Edo State—have exposed citizens’ personal data, including names, BVNs, phone numbers, and addresses, violating Nigeria’s data protection laws.
According to findings by FIJ, documents containing sensitive details of loan applicants and civil servants were openly accessible through indexed Excel files. In Edo State’s case, the MSME portal leaked data of over 190 individuals. The CBN website also hosted files listing personal information without justification.
Dr. Felix Ale of NASRDA warned that such breaches violate the Nigeria Data Protection Act (NDPA) and expose victims to identity theft and fraud.
Despite Nigeria passing its first comprehensive data law in 2023, enforcement remains weak. Data on other state websites—like Benue, Zamfara, and Borno—also showed unconsented disclosures.
Under the NDPR, agencies must report data breaches within 72 hours. However, many have failed to act.
The Nigeria Data Protection Commission (NDPC) is yet to respond to these violations, which pose serious risks to citizen privacy and national security.