The Corporate Affairs Commission (CAC), the regulatory body responsible for the registration and management of companies in Nigeria, has initiated a comprehensive system review following a detected cybersecurity incident. This report outlines the nature of the incident, actions taken, stakeholder guidance, and the Commission’s ongoing commitment to data security.
Background of the Incident
The Commission identified a cybersecurity breach involving unauthorized access to limited components of its information systems. While the full extent of the breach is still under investigation, preliminary findings indicate that the intrusion was contained to specific areas and did not compromise the entirety of the system.
Cybersecurity incidents of this nature pose potential risks to sensitive corporate data, user credentials, and overall system integrity, necessitating immediate and coordinated response measures.
Immediate Response Measures
Upon detection of the incident, CAC promptly activated its internal cybersecurity response protocols.
Key actions taken include:
- Rapid identification and isolation of affected system components
- Deployment of containment strategies to prevent further unauthorized access
- Implementation of additional security safeguards across its digital infrastructure
- Continuous monitoring for unusual system activities
These measures were aimed at minimising risk exposure and ensuring operational continuity.
Collaboration with Relevant Authorities
The CAC is working closely with the National Information Technology Development Agency (NITDA), alongside other relevant government agencies and technical partners.
This collaboration focuses on:
- Conducting a thorough forensic investigation
- Assessing the scope and impact of the breach
- Strengthening cybersecurity defenses
- Ensuring compliance with national data protection and cybersecurity standards
Ongoing System Review and Risk Assessment
The system review remains ongoing, with emphasis on:
- Determining the extent of unauthorized access
- Identifying any vulnerabilities exploited during the incident
- Evaluating potential data exposure risks
- Enhancing incident detection and response frameworks
The outcome of this review will inform future security upgrades and policy adjustments.
Advisory to Stakeholders
In light of the incident, CAC has issued the following guidance to all stakeholders, including businesses, legal practitioners, and the general public:
- Regularly monitor records on the CAC online portal for any unusual activity
- Update login credentials immediately, using strong and unique passwords
- Enable additional security measures where available
- Exercise caution when receiving unsolicited communications, particularly those requesting sensitive information
These precautions are essential in mitigating risks associated with potential phishing or unauthorised access attempts.
Commitment to Data Security and Transparency
The CAC has reaffirmed its commitment to maintaining the security, integrity, and reliability of Nigeria’s corporate registry. The Commission emphasizes transparency and has pledged to provide timely updates as more information becomes available.
Efforts are being intensified to strengthen system resilience, prevent future incidents, and maintain stakeholder trust.
Conclusion
The cybersecurity incident currently under review highlights the growing importance of robust digital security frameworks in public sector institutions. While the breach involved limited system access, the CAC’s swift response and collaboration with regulatory authorities demonstrate a proactive approach to risk management.
Ongoing investigations and enhanced safeguards are expected to further secure the Commission’s systems and protect stakeholder data.
