Sterling Bank Under Investigation as FG Probes Alleged BVN Leak

Panic has spread among Sterling Bank customers following reports of a significant data breach that may have exposed sensitive personal and financial information. This has led to a federal investigation.

The controversy involves claims by a dark web actor called “ByteToBreach,” who alleges responsibility for infiltrating the bank’ s systems and accessing large amounts of customer and employee data.

ENigeria Newspaper reports that nearly one million customer accounts and over 3, 3,000 employee records, including details of senior executives, may have been compromised.

Many customers are now worried about security, especially with rising fraud and kidnapping cases in the country. Some are considering closing their accounts over fears of data misuse by criminals.

A customer in Lagos reportedly said, “This is no longer just about banking services; it is about personal safety.” 

Preliminary reports suggest the breach originated from a vulnerability in Oracle WebLogic Server, a middleware used to connect applications to databases. Attackers bypassed authentication to extract about 2. 2.2GB of data, including personally identifiable information of over 900, 900,000 customers.

Cybersecurity experts warn this data could be used for sophisticated fraud and social engineering attacks, where criminals impersonate legitimate institutions to obtain credentials.

The incident also raises questions about Sterling Bank’ s cybersecurity under CEO Abubakar Suleiman, with some experts suggesting more investment in digital security might have been necessary.

The Nigeria Data Protection Commission has launched an investigation, extending it to Remita Payment Services Ltd., a key player in digital payments.

The Commission issued a Notice of Investigation on April 1, 2026, and is questioning relevant parties. National Commissioner Vincent Olatunji has ordered a thorough inquiry, warning that violations of the Nigeria Data Protection Act (2023) will face strict sanctions.

Beyond government scrutiny, this breach damages the bank’ s reputation, as customer trust is vital in banking. Even the perception of weak data protection can have long- lasting effects.

The incident has also renewed concerns over cybersecurity in Nigeria’ s financial system, especially as digital banking expands.

While investigations continue, this incident highlights the critical importance of data security in the digital world and questions how well financial institutions are protecting sensitive customer information.