Lawyers Without Borders Alerts on CAC Data Breach Risks

Lawyers Without Borders issued a statement on Tuesday, expressing alarm over a data breach at the Corporate Affairs Commission (CAC) that threatens the privacy rights of Nigerian entrepreneurs. The organization, represented by Country Director Angela Uwandu and Uzoma Iwuchukwu, reacted to a public notice from the CAC dated April 15, which confirmed a cybersecurity incident involving unauthorized access to parts of its information system.

The breach, allegedly linked to a threat actor identified as Bytetobreach, compromised sensitive personal data, including handwritten signatures and passport photographs. The organization criticized the CAC for inadequate disclosure and lack of clarity regarding the breach's impact on affected individuals.

They noted that the CAC failed to comply with the Nigeria Data Protection Act 2023, which requires direct notification to individuals at high risk of a breach. Lawyers Without Borders called for an independent forensic audit of the CAC's cybersecurity framework and urged the federal government to adopt data minimization practices to protect victims of identity theft.