Hacker Claims Data Breach Affecting One Million Sterling Bank Customers Under Investigation in Nigeria

Sterling Bank, a familiar name in Nigerian banking, is now caught up in a storm. A hacker’s claiming they hacked the bank’s systems and took a large chunk of sensitive customer data. Naturally, customers are asking the same question: is my personal info still safe?

Details of the Alleged Breach

Let’s first start with who’s behind the allegations. A dark web actor calling themselves “ByteToBreach” says they did it.

The alleged haul is massive. ByteToBreach says they accessed records tied to nearly one million customer accounts. In addition, profiles of over 3,000 employees, including senior management, got stolen.

This could result in serious problems if it’s actually true because personal data such as BVN, NUBAN, passport details, driver’s licenses, which the hacker took, are highly valuable. They even claimed they got their hands on transaction histories, loan records, credit scores, and internal staff data, all of which could aid financial fraud.

This kind of information is like a jackpot to criminals. Identity theft becomes easy. Financial fraud gets a whole lot simpler. And sophisticated social engineering scams? Those become almost impossible to spot.

The value of stolen customer data is well understood on dark web markets, in the US, a breach at Integra Credit exposed 134,000 customer phone numbers, which can be used for precisely these kinds of social engineering attacks, showing that financial data breaches are a universal threat regardless of geography.

Customers Panic About the Safety of Their Data

For most customers, this isn’t some abstract tech problem. It feels personal.

This isn’t about digital banking convenience anymore”, one Lagos-based customer said. “It’s about personal safety”. Moreover, customers aren’t waiting around. Already, some customers are considering closing their accounts, and some worry bad guys might use their personal data for something sinister.

Here’s what experts suspect, the hackers exploited a weakness in Oracle WebLogic Server. That’s a piece of software that connects web apps to databases. From there, they allegedly bypassed security and carted away around 2.2 gigs of data, personal identifiable information of over 900,000 people, inclusive.

Regulators Take Action

Meanwhile, Sterling Bank hasn’t fully confirmed what happened and the true extent of the breach. However, the regulators are already taking action.

The Nigeria Data Protection Commission has launched a full-scale probe. This problem also covers Remita Payment Services Ltd., a big name in Nigeria’s digital payment space.

Further, the Commission issued a formal notice on April 1. Vincent Olatunji, the National Commissioner, gave the orders to expand the investigations. His was clear, any organisation that breaks Nigeria’s Data Protection Act will face the consequences.

Implications of this Breach

As digital banking is growing faster, so are the cyber threats. Industry analysts believe these threats are inherent in the modern banking world, and everyone must take cyber security seriously.

Cybersecurity isn’t optional anymore,” one analyst said. “It’s the foundation. Even the perception of vulnerability can destroy trust.” Banks need customer’s trust and if the customers no longer trust them to keep their data safe, they’ll move elsewhere.

So here’s the bigger question: are Nigeria’s banks truly ready to deal with the challenges that come with the digital age? Millions more customers come online every year. Does the security keep up?

For now, investigations continue. And nothing is officially confirmed yet. But the customers want answers, and regulators want accountability. And for Sterling Bank, this probe could shape public confidence for years.