Providus Bank Customers Count Losses Following Data Breach And Unauthorized Debits
Customers of ProvidusUnity Bank have reported a series of unauthorized card transactions months after a widespread data breach affected multiple public institutions in Nigeria. Several affected accountholders took to social media on Friday to share their experiences publicly, while others confirmed the financial anomalies to journalists under the condition of anonymity.
When contacted regarding these irregular debits, the spokesperson for ProvidusUnity Bank, Dafe Ivwurie, neither confirmed nor denied the claims made by the customers. The bank has not yet released an official institutional statement to clarify the root cause of the unauthorized activity or outline specific remediation steps for affected accounts. “Will do some internal investigation and revert,” he told Newsmen.
However, the spokesperson told journalists that he would revert with more information on the matter, a promise he has yet to fulfill at the time of reporting. This lack of confirmation leaves affected account holders without clear guidance on how to secure their accounts against the ongoing unauthorized debits.
The incident follows a major cybersecurity crisis in March 2026, when sensitive data from Sterling Bank, Remita, and other prominent financial institutions was compromised by hackers. A threat actor operating under the alias Bytetobreach claimed responsibility for the cyberattack and subsequently published the sensitive information of these affected public and private entities online.
In response to the leaks, the Nigeria Data Protection Commission (NDPC) formally intervened in April 2026, announcing the commencement of a full-scale regulatory investigation into the breach. However, three months after that initial announcement, the NDPC has yet to publish the final outcome of its investigation or issue comprehensive safety directives for the public.
Journalists reached out to Babatunde Bamigboye, the Head of Legal, Enforcement, and Regulations at the Nigeria Data Protection Commission (NDPC) , to inquire about the fresh complaints raised by ProvidusUnity Bank customers. However, the regulatory official had yet to respond to the inquiry at the time of reporting. This silence leaves both consumers and industry analysts without official guidance on whether the recent unauthorized transactions are directly linked to the broader, ongoing cyber-threat environment in the country.
The vulnerability of the financial sector reflects a wider, systemic cybersecurity crisis across the nation. Surfboard, a global cybersecurity firm, reported that Nigeria recorded 281,000 email breaches by hackers in the first three months of 2026 alone. Recognizing the escalation of these cyber threats, the Minister of Communications, Innovation, and Digital Economy, Bosun Tijani, promised in June 2026 to investigate the illegal sale of citizens' personal information by unauthorized websites through the NDPC.
This threat environment expands rapidly as millions of citizens transition into the digital economy. Recent data from the Nigerian Communications Commission (NCC) shows that the country now has 148 million active internet users, with over 130 million individuals enrolled in the National Identification Number (NIN) database out of an estimated total population of 250 million. The rapid digitization of identification and financial services has drastically increased the volume of sensitive assets stored online.
As a direct result of this massive digital shift, the prevalence of data breaches has evolved into an everyday threat to the personal and financial security of citizens. With the vast majority of the population now dependent on connected platforms for daily banking, trade, and communication, the lack of swift regulatory resolution and institutional transparency continues to leave millions of consumers exposed to continuous cyberattacks and unauthorized financial exploitation.
