A Nigerian microfinance lender, Fast Credit Finance Company Limited, has been hit by an alleged cyber breach exposing nearly one million customer records, underscoring mounting threats to the country’s financial sector. The incident, still unverified, has triggered public concern and debate over the safety of digital banking in Nigeria.
The breach was first flagged on April 25 by a threat intelligence account on X, which linked the attack to a hacker known as “iProfessor.” According to claims, the attacker is offering 870 gigabytes of data containing 939,887 records for sale on a cybercrime forum, limited to five buyers. Screenshots shared online appear to show loan documents and internal records, though neither Fast Credit nor regulators have confirmed the authenticity.
The alleged stolen data includes personal identifiable information, government-issued ID scans, bank statements, loan records, and even photographs. Of particular concern is the inclusion of records belonging to Nigerian police officers and law enforcement personnel, raising fears of targeted scams, blackmail, and risks to ongoing investigations.
Public reaction has been swift. Many Nigerians expressed alarm on social media, questioning whether financial institutions are adequately prepared to defend against increasingly sophisticated cyber threats. Advocacy groups have called for stronger enforcement of Nigeria’s Data Protection Act, warning that breaches of this scale could erode trust in digital banking.
Others voiced frustration that banks and regulators often remain silent after such claims, leaving customers uncertain about the safety of their accounts. Critics argue that transparency is essential to rebuilding confidence, especially as more Nigerians rely on mobile and online platforms for financial transactions.
This incident is part of a wider surge in cyberattacks across Nigeria’s critical sectors in 2026. The Corporate Affairs Commission, Sterling Bank, Remita, and Lagos State University have all been targeted in recent months, with attackers claiming to have exfiltrated millions of files. Analysts say the pattern reflects a growing focus by international cybercriminals on African financial systems.
Security experts warn that breaches involving Bank Verification Numbers (BVNs), National Identification Numbers (NINs), and loan records could enable large-scale fraud, identity theft, and money laundering. They stress that Nigerian institutions must invest in stronger cybersecurity infrastructure and incident response protocols to mitigate risks.
For now, the Fast Credit breach remains unverified, but the claims have already heightened anxiety among customers and regulators. Whether confirmed or not, the incident highlights the urgent need for Nigeria’s financial sector to strengthen defenses against cybercrime and reassure the public that their data is secure.
