Avocats Sans Frontières France has raised alarm over the recent data breach at the Corporate Affairs Commission, warning that the incident poses a serious threat to the privacy rights of Nigerian entrepreneurs and undermines trust in the country’s digital governance framework. In the statement issued in Abuja, Country Director of ASF France, Angela Uwandu Uzoma-Iwuchukwu, said the breach allegedly carried out by a threat actor identified as “ByteToBreach”, compromised sensitive data including handwritten signatures, national identity documents and passport photographs. She described the incident as a grave violation of the constitutional right to privacy, and the provisions of the Nigeria Data Protection Act (NDPA).ASF France criticised the Commission’s handling of public communication, noting that the absence of clear disclosure on the number of affected individuals has left millions of business owners uncertain. It also faulted the characterisation of the disruption as “scheduled maintenance”, warning that such messaging could erode public confidence and transparency. The group further argued that the CAC’s response falls short of legal requirements, particularly in relation to victim notification. It stressed that under the NDPA, data controllers must directly inform affected individuals in cases of high-risk breaches, adding that general advisories urging users to monitor their records are inadequate. While acknowledging the involvement of the Nigeria Data Protection Commission and National Information Technology Development Agency, the organisation called for a shift from reactive responses to restorative justice. IIt highlighted the absence of clear mechanisms for victims to seek compensation or secure compromised identities, especially in light of reported vulnerabilities linked to third-party systems.ASF France proposed a series of reforms, including an independent forensic audit of CAC systems, stronger regulatory enforcement, and the introduction of identity protection measures such as free processes for flagging compromised data. It also urged legislative oversight and the adoption of data minimisation practices, insisting that the breach must serve as a turning point for building a more accountable and resilient data protection regime in Nigeria.🚨 BREAKING: Watch the full clip here ➤
