CAC suffers cyberattack, begins investigation with NITDA support

The Corporate Affairs Commission (CAC) has confirmed a cybersecurity incident involving unauthorised access to parts of its internal systems, making it the latest Nigerian government agency to report a digital breach.

In a public notice signed by management and dated April 15, 2026, the commission said it is currently reviewing the incident and has activated its response protocols. CAC is working with the National Information Technology Development Agency (NITDA) and other relevant government agencies to assess the scope and impact of the breach.

The agency said containment measures have already been implemented, and additional safeguards are in place.

CAC did not disclose the scale of the breach, which systems were affected, or whether any data was extracted. It described the incident as involving “unauthorised access to limited aspects” of its information systems.

While investigations are ongoing, the commission has advised stakeholders to monitor their records on the CAC portal, update their login credentials, and remain cautious of unsolicited communications that could be linked to the incident.

CAC attack latest in breaches of Nigeria’s digital infrastructure

The recent cybersecurity incident at the Corporate Affairs Commission (CAC) is the latest in a series of breaches affecting Nigerian organizations.

A week ago, the Nigeria Data Protection Commission (NDPC) began investigating a potential data breach at Remita Payment Services and Sterling Bank.

This investigation was triggered after a threat actor known as “ByteToBreach” claimed that sensitive customer information was exposed. The exposed information allegedly includes Bank Verification Numbers (BVNs), Know Your Customer (KYC) documents, and transaction histories.

At the 2026 GITEX Africa summit, NITDA Director-General Kashifu Inuwa stated that human error causes 95% of digital security breaches. He also cautioned that artificial intelligence is making these breaches more difficult to identify.

Similar read: NDPC probes Remita, Sterling Bank over alleged data breach

Inuwa emphasized the importance of cybersecurity by saying, “Cybersecurity is no longer just a technical issue. It is a strategic imperative for national development.”

CAC oversees Nigeria’s official record of businesses. It is the main agency for registering companies in the country. A major breach could expose the records of millions of registered businesses and their owners.

The commission said it remains committed to the security and integrity of Nigeria’s corporate registry and will provide updates as the review progresses.