Nigeria’s Corporate Affairs Commission (CAC) has confirmed a cybersecurity breach involving unauthorised access to parts of its digital infrastructure, triggering a system-wide review and raising fresh concerns over the safety of sensitive corporate data.
In an official notice titled: “Notice of System Review” and signed by management, the Commission disclosed that the incident affected “limited aspects” of its information systems, prompting immediate containment and investigative actions.
“The Corporate Affairs Commission (CAC) is currently reviewing a cybersecurity incident involving unauthorised access to limited aspects of its information systems,” it stated.
According to the Commission, emergency response protocols were activated immediately after the intrusion was detected, with a coordinated investigation now underway in collaboration with the National Information Technology Development Agency (NITDA), other relevant government agencies and technical partners to determine the scope and potential impact of the breach.
It further disclosed that containment measures have already been deployed, alongside additional safeguards to prevent further unauthorised access while forensic reviews continue.
As part of immediate risk mitigation, the Commission issued a nationwide advisory to stakeholders, urging heightened vigilance across its platform.
The CAC said, “While the review is ongoing, stakeholders are advised to monitor their records on the CAC portal, update login credentials, and remain cautious of unsolicited communications.”
The breach has intensified scrutiny of Nigeria’s corporate data infrastructure. As custodian of the country’s official business registry, the CAC maintains extensive records covering company ownership structures, directors’ details, statutory filings and compliance histories, making it a prime target for cyber threats.
Although the Commission led by Hussaini Ishaq Magaji, as the registrar-general, maintained that the compromise was limited in scope, its directive to users underscores the risk of downstream attacks, including phishing and credential compromise, which often follow such incidents.
The development comes at a critical point in Nigeria’s digital transition. The CAC sits at the heart of reforms aimed at simplifying business registration and improving regulatory efficiency through full-scale digitisation. Any disruption or erosion of trust in its systems could have immediate consequences for business operations, investor confidence and regulatory processes.
Despite the incident, the Commission moved to reassure stakeholders of its commitment to data protection and system integrity.
The CAC stated, “CAC remains committed to the security and integrity of Nigeria’s corporate registry and will provide updates as necessary.”
Beyond the immediate response, the incident is likely to amplify calls for deeper investment in cybersecurity infrastructure across public institutions, with analysts warning that Nigeria’s accelerating digital economy is increasingly exposed to complex and evolving cyber risks.
(Leadership)
