CAC Under Fire as Millions of Company Records Are Exposed

The Corporate Affairs Commission has confirmed that it suffered a cybersecurity incident involving unauthorized access to parts of its information systems, adding official weight to recent reports that data linked to millions of registered companies may have been compromised.

In a statement released on Wednesday through its official X account, the commission said the breach affected only limited aspects of its database. While the agency did not specify exactly which records or services were touched, the confirmation is likely to heighten concern among businesses and stakeholders who rely on the commission’s platform for company registration and corporate records.

According to CAC, it moved quickly after detecting the incident and immediately activated its response procedures to contain the breach and reduce further risk. The commission said it is now working with the National Information Technology Development Agency, along with other relevant government agencies and partners, to examine the scale of the attack and understand its full impact.

The agency also said it has already put containment measures in place and introduced additional safeguards to reinforce the security of its systems. That suggests efforts are underway not only to stop any ongoing threat but also to prevent a repeat incident while investigations continue.

The confirmation comes shortly after reports emerged claiming that records tied to millions of companies in the CAC database had been hacked. Although the commission has now acknowledged unauthorized access, it has not yet said whether personal or corporate data was extracted, altered, or exposed to the public.

That leaves key questions unanswered. Businesses, compliance professionals, and legal operators will now be waiting for further clarification on the exact nature of the breach, the categories of data affected, and whether affected entities will be formally notified.

For now, the CAC has taken the position that the incident is under review and that the relevant authorities are involved. But the case is likely to draw wider attention because of the commission’s central role in maintaining official business records in Nigeria. 

Any breach involving that kind of system raises concerns not only about data privacy, but also about trust in the digital infrastructure supporting corporate registration and regulation.