The Nigeria Data Protection Bureau is investigating Wema Bank and KC Gaming Networks, also known as BetNaija, over alleged breach of data privacy.
While Wema Bank is being investigated after allegations that the bank and its agents have been opening unauthorised accounts for customers with information sourced from their Bank Verification Number details, the betting platform, Bet9ja, suffered a ransomware attack perpetrated by the BlackCat ransomware group on April 6, which the company confirmed two days later.
BlackCat group is considered the successor to BlackMatter and REvil gangs, targeting corporate environments with customisable ransomware.
The bureau, in a statement by the Head, Legal, Enforcement and Regulations Lead, Babatunde Bamigboye, said the investigations were based on complaints received from some customers of the bank alleging the use of their personal data to open accounts.
It added that the investigation is in line with Section 37 of the 1999 Constitution and the provisions of Nigeria Data Protection Regulation 2019 – particularly Articles 2.1(2)-(3), 2.6 and Article 4 of the NDPR.
The statement read in part, “Nigeria Data Protection Bureau has commenced investigations into reports of breach of data privacy involving two major data controllers in Nigeria, namely, KC Gaming Networks (Bet Naija). This is in line with Section 37 of the 1999 Constitution and the provisions of Nigeria Data Protection Regulation 2019 – particularly Articles 2.1(2)-(3), 2.6 and Article 4 of the NDPR.
It will be recalled that sometime in May 2022, some customers of Wema Bank Plc complained of breach of their rights to data privacy and protection by the Bank. This data processing, according to the complaints against the Bank, involves using their personal data to open accounts. The Bureau is also investigating report of breach of data privacy at KC Gaming Networks. The breach in this case involved alleged external attack on the KC Gaming Networks.”