A devastating ransomware attack by the group ByteToBreach has compromised over 15 million sensitive documents from Nigeria’s Corporate Affairs Commission (CAC), severely undermining national efforts to combat money laundering and corporate fraud.
Nigeria’s digital security infrastructure has suffered a major blow following a massive ransomware attack on the Corporate Affairs Commission (CAC) by a group known as ByteToBreach. The hackers reportedly exfiltrated approximately 25 million files, totaling 750 gigabytes of data, with at least 15 million of those identified as highly sensitive corporate documents. The breach included screenshots of the infiltration process, one of which was mockingly labeled ‘GOV_BETRAYAL,’ signaling the hackers’ total control over the system. In immediate response, the CAC suspended its registration portal to prevent further damage, while the Nigeria Data Protection Commission (NDPC) launched a comprehensive investigation into the incident.
The implications of the leak are catastrophic for Nigeria’s financial transparency, as the stolen data contains critical beneficial ownership records. These records were the cornerstone of recent reforms led by Registrar-General Hussaini Magaji to expose shell companies used for money laundering and corruption. With this “master key” now in the hands of cybercriminals, experts warn that the database intended to help the Economic and Financial Crimes Commission (EFCC) and banks verify corporate identities has been completely compromised. The data includes legal identities, company structures, and directors’ information, making it a goldmine for identity theft, blackmail, and the creation of sophisticated fraudulent enterprises.
Security analysts emphasize that this attack is part of a broader, systemic targeting of Nigeria’s vital financial systems, following recent breaches at Sterling Bank and the Remita payment platform. The loss of integrity in the national register threatens the foundation of corporate due diligence and legal verification across the country. Highlighting the gravity of the situation, system security expert DeMayor stated: “When a bank conducts due diligence on a corporate client, it checks the CAC. When a court needs to establish legal ownership of a company, or…”
READ THE FULL STORY IN BUSINESS DAY