ABUJA, Nigeria — Hackers launched more than 2,000 cyberattacks against the Nigeria Data Protection Commission’s (NDPC) service portal within a single week, exposing the escalating digital threats facing the country’s public sector.
The relentless wave of attacks forced a temporary shutdown of the commission’s internal network and exposed critical structural gaps within the nation’s wider data protection ecosystem.
Dr Vincent Olatunji, the National Commissioner and Chief Executive Officer of the NDPC, disclosed the breaches on Monday, 1 June 2026, during a specialized technical security drill organized for IT administrators across federal ministries, departments, and agencies (MDAs) in Abuja.
“Within one week, we experienced more than 2,000 attempts on our service portal,” Dr Olatunji told delegates. “You can imagine what that means.”
State Portals Targeted as Migration Speeds Up
The NDPC chief noted that while recent cyber incidents targeting government digital platforms have failed to inflict major economic damage or compromise sensitive citizen databases, public institutions are increasingly being targeted by bad actors. He warned that these attacks are driven by varying motives, ranging from financial extortion to attempts to cause state embarrassment.
The warnings come amid an aggressive push by the Federal Government to achieve full electronic governance, reducing bureaucratic delays by allowing citizens to submit applications and process payments online.
The scale of the digital transition was underscored last week by a major policy announcement mandating 35 federal ministries to achieve full digitalization within weeks. More than 100 government agencies are currently involved in the mass migration.
However, Dr Olatunji warned that this rapid integration relies heavily on private sector technologies, creating fresh vulnerabilities for criminal syndicates to exploit.
“When you move to full integration or when you interact, there is every likelihood that bad actors will target your network,” he said. “We don’t have to wait until they have a certain effect before we take action.”
The Call for ‘Cyber Warriors’
To counter the threat, the NDPC is calling for the rapid development of specialized “cyber warriors” within the civil service to protect state databases.
Under the Nigeria Data Protection Act (NDPA), public institutions are legally classified as data controllers because they harvest and process personal information belonging to both Nigerian citizens and foreign residents.
While technology is vital, officials emphasized that software alone cannot safeguard state infrastructure without highly trained technical personnel to manage it. To bridge this gap, the commission is deploying several initiatives:
- The National Privacy Academy: Delivering self-paced training and certification courses for data protection officers across all tiers of government.
- Executive Briefings: Extending specialized data security training to permanent secretaries and top-tier senior officials to ensure compliance is driven from the top down.
- Post-Retirement Opportunities: Highlighting that certified public sector data officers can transition into lucrative, licensed compliance roles within the private sector after retiring from public service.
Compliance Rates Inching Upward
Despite the high volume of attacks, the NDPC reported significant structural progress in how public institutions approach data privacy.
When the commission first began its enforcement campaigns, the compliance rate with data privacy requirements across Nigeria’s public sector stood at a mere four per cent. Today, official figures show that compliance has climbed to roughly 20 percent, with a growing number of MDAs now carving out dedicated budgetary allocations to fund technical safeguards and appoint statutory data protection officers.
Supporting the intervention, Dr Tolulope Pius-Fadipe, the NDPC’s Head of Research and Development, stated that the technical drills are designed to help state agencies test and maintain vital public services during active cyber crises.
Mr. Olorunisomo Isola, Head of IT and Cybersecurity at the commission, added that administrators are undergoing rigorous practical training in encryption, cloud security, data loss prevention, and rapid incident response to ensure all state organs strictly implement the statutory safeguards demanded by Section 39 of the Data Protection Act.
Add Comment