• The Corporate Affairs Commission confirmed unauthorised access to parts of its systems
• The commission advised users to update their passwords and monitor their records
• CAC said it is working with the National Information Technology Development Agency and other partners to assess the breach

The Corporate Affairs Commission has disclosed a security breach involving unauthorised access to parts of its systems and advised users to immediately update their login credentials as a precaution.

In a public notice issued on Wednesday, April 15, the Commission said it is reviewing a cybersecurity incident that affected limited parts of its information systems.

According to the Commission, it has already activated its response protocols and is working with the National Information Technology Development Agency, alongside other government agencies and partners, to determine the full scope and impact of the breach.

CAC said it is currently reviewing a cybersecurity incident involving unauthorised access to limited parts of its information systems.

It added that it had activated response measures and is working with NITDA and other partners to evaluate the extent of the breach.

“Appropriate containment measures have been implemented, and additional safeguards are in place,” the Commission said.

The agency also urged stakeholders to keep a close watch on their records on the CAC portal, update their login details, and remain cautious about suspicious emails, calls, or other unsolicited messages.

“While the review is ongoing, stakeholders are advised to monitor their records on the CAC portal, update login credentials, and remain cautious of unsolicited communications.”

Meanwhile, Dark Web Informer, an anonymous X account known for tracking cybercrime activities globally, alleged that around 25 million documents may have been exfiltrated from CAC’s systems.

Although the claim has not been independently verified and CAC has not confirmed it, Dark Web Informer alleged that the actor behind the breach is ByteToBreach.

Despite the incident, CAC reiterated its commitment to protecting the integrity and security of Nigeria’s corporate registry and promised to provide further updates when necessary.

The Commission remains one of Nigeria’s most important regulatory agencies, overseeing the registration and management of companies, business names, and incorporated trustees across the country.

Earlier in February 2026, CAC revealed that it processes as many as 10,000 business registration requests daily after deploying artificial intelligence across its service delivery systems.

According to Registrar-General Hussaini Magaji, the Commission also handles about 5,000 customer inquiries daily through its email and call centre channels.

In 2025, CAC deregistered more than 400,000 companies over prolonged inactivity and failure to meet statutory requirements.

CAC to offer free registration for 3,500 small businesses nationwide

Meanwhile, TheRadar earlier reported that the Corporate Affairs Commission (CAC) had unveiled a nationwide initiative to register 3,500 small businesses free of charge across Nigeria’s 36 states and the Federal Capital Territory (FCT).

The commission’s Registrar-General, Hussaini Magaji, explained that the programme is intended to ease the financial burden of business formalisation for micro and small enterprises while motivating more entrepreneurs to operate within the formal sector.

According to Magaji, the move underscores the commission’s dedication to fostering entrepreneurship, cutting start-up costs, and promoting inclusive economic growth nationwide.