Election Data Under Threat as Hackers Target Government Agencies, Banks

A wave of sophisticated ransomware attacks has hit Nigerian government institutions and major financial organisations, raising serious concerns about the safety of sensitive national data, especially with the 2027 elections on the horizon.

Over the past three weeks, cybercriminals have breached critical systems, exposing weaknesses in Nigeria’s growing digital infrastructure. Agencies like the Corporate Affairs Commission (CAC) and reports from the National Information Technology Development Agency (NITDA) confirm that coordinated attacks have caused service disruptions and may have led to the theft of large volumes of citizen and corporate data.

One of the most alarming incidents involved a hacker group known as ByteToBreach, which reportedly infiltrated CAC systems and accessed about 25 million documents, estimated at 750GB. The group is said to be demanding €250,000 while showcasing evidence of the breach, including screenshots detailing how they gained full system control.

In response, the CAC temporarily shut down its company registration portal and warned the public to be cautious of suspicious communications. Meanwhile, the Nigeria Data Protection Commission (NDPC) has launched an investigation into the incident and broader cybersecurity threats.

Experts warn that these attacks mark a shift from simple online fraud to large-scale institutional extortion, exposing Nigeria’s vulnerability in cyberspace. With reports suggesting organisations face around 4,700 cyberattacks weekly, concerns are growing about the security of critical platforms, including those used by the Independent National Electoral Commission (INEC).

The situation is compounded by previous breaches linked to ByteToBreach, including attacks on Sterling Bank and the Remita payment platform, key infrastructure for government transactions. Analysts say some of these breaches may have been caused by poor system configurations rather than highly advanced hacking, pointing to deeper structural issues.

This trend is not limited to Nigeria. Similar cyberattacks have been reported internationally, including a recent breach involving Standard Bank in South Africa, where customer data was exposed.

Cybersecurity specialists warn that the CAC breach could have far-reaching implications. Beyond exposing business registration details, it could reveal ownership structures and sensitive identity data, making companies vulnerable to fraud, blackmail, and espionage. Some argue that such breaches threaten Nigeria’s economic sovereignty, as hostile actors could gain insight into key sectors like oil, gas, and telecommunications.

Stakeholders are now calling for urgent reforms. They stress the need for stronger cybersecurity frameworks, better-trained personnel, and a shift toward a “security-first” approach in managing digital systems. There are also concerns about the readiness of Nigeria’s electoral infrastructure, with experts warning that systems like INEC’s IReV and BVAS could become targets for disruption or manipulation.

According to a Deloitte report, Nigeria lost over $3 billion to cybercrime between 2019 and 2025, with annual losses averaging $500 million. As digital services expand, these threats are expected to intensify.

The NDPC has advised government agencies and organisations to strengthen their data protection measures, including adopting multi-factor authentication, encrypting sensitive data, conducting regular security assessments, and implementing a “zero trust” security model.

As investigations continue, the attacks serve as a stark warning: without urgent action, Nigeria’s digital economy, and the integrity of its democratic processes, could face even greater risks.