The Corporate Affairs Commission (CAC) has confirmed an incident involving unauthorised access to parts of its information systems, raising concerns over the security of Nigeria’s central corporate registry.
The Commission has reported suspicious activity affecting certain areas of its digital infrastructure, which stores records on businesses, incorporated trustees, and company registrations nationwide, in a public notice shared through the official X handle.
Upon discovering the breach, CAC immediately began implementing its incident response measures and is now working with other relevant partners, including the National Information Technology Development Agency (NITDA), to determine the scope of the intrusion.
Containment measures have been implemented, as stated by the Commission, with additional safeguards in place to prevent any further compromise.
The statement indicated that the CAC is investigating a cybersecurity incident in which unapproved individuals gained access to restricted areas of its information systems.
The statement indicated that attempts were still being made to establish the scope and magnitude of the breach.
News: N-Delta Group Opposes ₦2.1trn Pipeline Deal, Accuses NASS of Overreach
To address the issue, CAC advised users of its portal to exercise caution by regularly reviewing their company records, updating their login information, and being mindful of any suspicious messages or communications that may appear to be from the Commission.
“The CAC portal requires stakeholders to verify their records, update their login information and be cautious of any spam.”
Further updates were promised by the Commission as they continued to investigate and maintain the integrity of Nigeria’s corporate database.
Although CAC didn’t provide a full account of the incident, reports that have circulated online and in cybersecurity communities suggest possible data exposure. However, these claims remain unverified.
Concerns have arisen among businesses and professionals who use the CAC portal for company registration, filing procedures, and compliance due to the development.
The event adds to already existing worries about the potential harm to government digital infrastructure as more public services are being moved online.
Investigations are ongoing.
