The recent banking breaches in Nigeria have exposed sensitive records. In late March 2026, a hacker breached Sterling Bank. Soon after, the same attacker accessed Remita, a major payment platform used by many Nigerians.
As a result, millions of records including BVNs, passports and bank account details may already reside on the dark web.
Because of this, every Nigerian needs to act fast. This article will walk you through exactly what you need to do right now.
Confirm If the Recent Banking Breaches Exposed Your Data
First, you need to know whether the leak includes your information.
On the 27th of March 2026, a threat actor called ByteToBreach claimed to have stolen data of about 900,000 customer accounts and 3,000 employee records from Sterling Bank. The stolen data reportedly includes BVNs, NINs, passport scans, driver’s licenses and transaction histories.
Then, the hacker used Sterling Bank’s access to break into Remita, taking roughly 3 terabytes of data from a misconfigured Amazon S3 bucket. That data included hundreds of gigabytes of KYC documents such as IDs and passports, databases, source code, API keys and password hashes.
As a result, many Nigerians now face serious risks. To confirm whether the breach exposed your data, ask your bank directly or watch for unusual account activity.
Remita, Sterling Bank and Nigerian banking regulators have not issued any official confirmation or denial as of early April 2026. Therefore, do not wait for official confirmation before taking action to protect yourself.
Immediately Secure Your BVN and Bank Accounts
Once you suspect exposure, act immediately. Contact your bank and ask them to flag your BVN and add extra security checks to your accounts. Change all your online banking passwords immediately.
In addition, enable two-factor authentication (2FA) on every banking app and payment platform. This adds an extra layer of protection. Even if a criminal has your password, they cannot log in without the second code.
Also, request a new PIN for your debit or credit cards. The Central Bank of Nigeria (CBN) issued a directive on the 30th of March 2026. It mandated all deposit money banks to complete a Cybersecurity Self-Assessment Tool (CSAT) within three weeks.
The tool evaluates institutions’ cybersecurity posture, including governance, risk management and third-party risks. While banks work on their systems, you must protect yourself. If you see any unfamiliar transaction, report it to your bank’s fraud desk immediately.
Monitor Your Credit and Identity for Long-Term Safety
Unfortunately, this is not a one-time fix. Once your BVN, passport and bank details have been compromised, you will need to stay alert for years.
Additionally, check your credit history with major Credit Bureaus like CRC Credit Bureau or CR Services. Make sure to look for loans or accounts you did not open and dispute them immediately.
Also, you can place a voluntary alert on your BVN. This alert notifies you whenever someone tries to use your identity for credit or a new account.
Furthermore, be very careful about sharing your biometric data. Scammers may call pretending to be your bank and ask for your BVN or NIN.
The Nigeria Computer Emergency Response Team (ngCERT) has issued alerts about banking trojans like Grandoreiro, which targets over 41 banking apps in Nigeria.
Finally, do not give out personal information over the phone. Banks already have this information, they do not need to ask you for it.
As the Cyber Security Experts Association of Nigeria (CSEAN) has noted, “identity is the new perimeter.”
Ultimately, cybercriminals will continue to bypass traditional defenses using stolen, legitimate credentials. It is up to you to protect yourself.
