Nigeria’s Corporate Affairs Commission (CAC), the country’s primary company registration body, has confirmed a cyberattack on its information systems, prompting a temporary suspension of its online portal and triggering a formal investigation by data protection authorities.
In a public notice dated April 15, 2026, the CAC confirmed a cybersecurity incident involving unauthorised access to parts of its internal systems. The commission said it had activated response protocols and was working with the National Information Technology Development Agency (NITDA) and other relevant government agencies to assess the scope and impact of the breach, adding that containment measures had already been put in place.
The commission subsequently announced a suspension of its registration portal from midnight on April 17 to 6:00 a.m. on April 20, 2026, describing the closure publicly as scheduled maintenance. However, the shutdown followed directly from the confirmed security incident.
The breach makes the CAC the third major Nigerian institution to report a cyberattack in two weeks, following investigations into Remita Payment Services and Sterling Bank, where a threat actor allegedly exposed Bank Verification Numbers (BVNs), Know Your Customer (KYC) documents, and transaction histories.
The Nigeria Data Protection Commission (NDPC) announced on April 17 that it had initiated a formal investigation into the reported breach, pursuant to Section 46(3) of the Nigeria Data Protection Act, 2023. The NDPC expressed concern over the increasing sophistication of threat actors targeting critical national databases, describing their methods as involving large-scale data exfiltration and cross-platform compromise.
The CAC processes up to 10,000 business registration requests daily and handles an average of 5,000 customer inquiries through emails and call centres, making the breach a potentially serious disruption for businesses across the country.
The commission urged users to update their login credentials and monitor their records as a precaution while the investigation continues.
