The Corporate Affairs Commission (CAC) has confirmed a cybersecurity incident involving unauthorised access to parts of its information systems, raising concerns about the potential exposure of data across Nigeria’s central corporate registry.
In a public notice signed by management and dated April 15, 2026, the CAC disclosed that it had promptly activated its response protocols and is working with the National Information Technology Development Agency (NITDA), relevant government agencies, and partners to assess the scope and impact of the breach.
The commission said appropriate containment measures have already been implemented, while additional safeguards have been put in place to protect the integrity of its systems.
The CAC described the breach as affecting “limited aspects” of its information systems, a characterisation that suggests the commission is presenting the incident as contained rather than total, though it did not specify which systems were affected, what data may have been accessed, or how many records may have been compromised.
The CAC advised stakeholders to take precautionary steps while the review continues, including monitoring their records on the commission’s portal, updating login credentials, and remaining vigilant against unsolicited communications that may arise from the incident.
The involvement of NITDA which is the agency responsible for coordinating information technology development and regulation in Nigeria indicates the breach is being treated as a significant cybersecurity event requiring national-level technical response.
The scale of potential exposure is significant. The CAC’s database is one of the largest repositories of business and personal data in Nigeria, containing information on every formally registered business entity in the country from small business owners and churches registered as incorporated trustees to multinational corporations with Nigerian subsidiaries.
In February 2026, the commission disclosed that it processes up to 10,000 business registration requests daily following the deployment of artificial intelligence across its service delivery platforms, and handles an average of 5,000 customer enquiries each day.
The commission reassured the public of its commitment to safeguarding Nigeria’s corporate registry and maintaining the integrity of its systems, adding that updates will be provided as the investigation progresses.
