Sterling Bank data breach sparks alarm as alleged hacker claims expose customer data, prompting NDPC investigation and rising security concern
Sterling Bank Limited is facing serious public concern following allegations of a major cyber intrusion claimed by a dark web actor identified as ByteToBreach, who reportedly says he gained access to sensitive customer and employee data in what is now being described as a potential Sterling Bank data breach.
Also read: EFCC arrests woman seen cleaning nose with N500 note in TikTok video
According to ENigeria Newspaper, the alleged attacker claims to have accessed close to one million customer records and over 3,000 employee files, including sensitive financial and identity information.
The reported data includes Bank Verification Numbers, account details, transaction histories, loan records, and identity documents such as passports and driver’s licences.
The claims have not been independently verified by regulatory authorities at the time of filing this report.
The development has triggered widespread concern among customers, many of whom are reportedly anxious about potential exposure to fraud and identity theft.
Some account holders have expressed fears over personal safety risks linked to the misuse of financial data in criminal networks.
A Sterling Bank data breach allegation of this scale, if confirmed, could represent one of the most significant cybersecurity incidents in Nigeria’s financial sector in recent years.
ENigeria Newspaper further reports that the alleged breach may have exploited a vulnerability in Oracle WebLogic Server, a middleware system used in enterprise applications.
It claims that approximately 2.2GB of data was extracted through unauthorised access. These claims remain under investigation.
Cybersecurity analysts warn that stolen personal data can be used for advanced fraud techniques, including social engineering attacks that manipulate victims into revealing one time passwords and other sensitive credentials.
The Sterling Bank data breach claims have also drawn regulatory attention.
The Nigeria Data Protection Commission has reportedly launched an investigation into the incident and expanded its inquiry to include Sterling Bank and Remita Payment Services Limited.
The Commission, led by Dr Vincent Olatunji, has warned that organisations found to have failed in their obligations under the Nigeria Data Protection Act 2023 could face sanctions, following its Notice of Investigation issued earlier in April 2026.
Industry observers say the incident underscores growing pressure on financial institutions to strengthen cybersecurity frameworks amid rapid digital banking expansion in Nigeria.
While investigations continue, analysts caution that public confidence remains fragile, as trust is central to the stability of banking systems.
Any confirmed breach could have long term reputational and operational consequences for the institution involved.
Also read: EFCC arrests woman seen cleaning nose with N500 note in TikTok video
For now, authorities have urged restraint and reliance on verified updates as inquiries proceed into the alleged cyberattack and its potential impact on customers.
