Hackers Seize 750GB Of CAC Files As Nigeria’s Digital Defences Crumble

Daniel Otera03 mins

A sophisticated wave of ransomware attacks has battered Nigerian government agencies and tier-1 financial institutions over the past three weeks, exposing deep fragilities in the nation’s digitising economy. Reports from the National Information Technology Development Agency (NITDA) and the Corporate Affairs Commission (CAC) confirm that “coordinated and sophisticated” threat actors have breached critical infrastructure, causing service outages and the suspected exfiltration of sensitive citizen data. The CAC temporarily suspended its companies’ registration portal, while the Nigeria Data Protection Commission (NDPC) has commenced a probe into the attacks.

The most severe incident involves the CAC, the agency responsible for company registrations. A threat actor known as ByteToBreach allegedly exfiltrated approximately 25 million documents, totalling about 750 gigabytes of data, from CAC infrastructure. ByteToBreach is a prolific data leak trader active since at least June 2025, specialising in exploiting internet-facing systems. The actor provided seven proof screenshots documenting attack stages, from initial breakthrough to full domain admin takeover and data staging. While roughly 25 per cent of the haul is described as “simple corporate signatures,” the remaining over 15 million documents represent a goldmine of sensitive corporate intelligence, ownership structures, and identity data.

This breach is not isolated. It follows strikes by ByteToBreach on the Remita payment platform and Sterling Bank in late March 2026, which allegedly compromised 900,000 customer accounts and 3,000 employee records, including Bank Verification Numbers and National Identity Numbers. The NDPC served formal notices of investigation on April 1, 2026. The Remita breach allegedly involved a misconfigured Amazon S3 cloud storage bucket, exposing roughly three terabytes of data—a technical detail pointing to systemic failures in data asset management within Nigeria’s digital supply chain.

The wave of attacks extends beyond Nigeria. Hackers recently released data stolen from Standard Bank of South Africa, exposing account numbers, limited account information, business names, and ID numbers. The bank confirmed unauthorised access to select data and said its insurer, Liberty, was also affected.

Nigerian organisations now face about 4,700 cyberattacks per week, according to Check Point Research, the highest in Africa and a 12 per cent year-on-year increase. Deloitte’s “Nigeria Cybersecurity Outlook 2026” warns of rising ransomware and phishing risks as digital services expand, noting Nigeria lost more than $3 billion to cybercrime between 2019 and 2025.

Concerns are mounting over the security of the Independent National Electoral Commission (INEC) ahead of the 2027 general elections. Experts warn that systems like IReV and BVAS could become targets for ransomware, distributed denial-of-service attacks, or upload failures that erode public trust. The CAC breach underscores that vulnerability is not limited to banking applications but is systemic within government infrastructure.

The CAC stated it is “currently reviewing a cybersecurity incident involving unauthorised access to limited aspects of its information systems.” The NDPC’s investigation will examine access control mechanisms, data privacy impact assessments, vulnerability and penetration testing, and due diligence on third-party data processors.

 

Related posts:

  1. NDPC Warns Of Coordinated Cyber Attacks On Nigerian Banks
  2. Over 60 Nations, Including Nigeria, Target Deepfake Proliferation
  3. Nigeria Secures $200m Investment For Defence Technology
  4. IPMAN eyes refinery ownership, orders members to buy Dangote fuel.
  5. FG Unveils National Intellectual Property Policy to Boost Innovation, Economic Growth
  6. Africa’s Digital Weak Link? Nigeria’s Alarming Position in Cybercrime Rankings