According to the bureau, the investigations are based on complaints received from some customers of a bank alleging the use of their personal data to open accounts.
This was contained in a statement issued on Tuesday by the Head, Legal, Enforcement and Regulations Lead, NDPB, Babatunde Bamigboye.
Wema Bank is being investigated after allegations that the bank and its agents have been opening unauthorised accounts for customers with information sourced from their Bank Verification Number details.
On the other hand, the Nigerian betting platform, Bet9ja, suffered a ransomware attack perpetrated by the BlackCat ransomware group on April 6, which the company confirmed two days after the attack.
BlackCat group is considered the successor to BlackMatter and REvil gangs, targeting corporate environments with customisable ransomware.
The statement disclosed that Wema Bank and Bet9ja were under investigation in line with Section 37 of the 1999 Constitution and the provisions of Nigeria Data Protection Regulation 2019 – particularly Articles 2.1(2)-(3), 2.6 and Article 4 of the NDPR.
The statement read in part, “Nigeria Data Protection Bureau has commenced investigations into reports of breach of data privacy involving two major data controllers in Nigeria, namely, KC Gaming Networks (Bet Naija). This is in line with Section 37 of the 1999 Constitution and the provisions of Nigeria Data Protection Regulation 2019 – particularly Articles 2.1(2)-(3), 2.6 and Article 4 of the NDPR.
“It will be recalled that sometime in May 2022, some customers of Wema Bank Plc complained of breach of their rights to data privacy and protection by the Bank. This data processing, according to the complaints against the Bank, involves using their personal data to open accounts. The Bureau is also investigating report of breach of data privacy at KC Gaming Networks. The breach in this case involved alleged external attack on the KC Gaming Networks.”