CAC Breach Confirmed: ByteToBreach Claims 25 Million Nigerian Corporate Documents Leaked
ByteToBreach has now targeted multiple high-value systems, including Remita and CAC in quick succession. The alleged exfiltration of 25 million documents, including corporate signatures, director details, and registration records
LAGOS, NIGERIA — Nigeria’s Corporate Affairs Commission (CAC), the government agency responsible for company registration and corporate compliance, has officially confirmed a cybersecurity incident involving unauthorised access to parts of its information systems. The breach comes amid claims by a threat actor known as ByteToBreach that approximately 25 million documents were exfiltrated from the agency’s infrastructure.3
In a public notice issued on Wednesday, April 15, 2026, CAC management stated: “The Corporate Affairs Commission (CAC) is currently reviewing a cybersecurity incident involving unauthorised access to limited aspects of its information systems.” The commission said it promptly activated its incident response protocols and is collaborating with the National Information Technology Development Agency (NITDA) and other relevant government partners to assess the full scope and impact of the breach.25
CAC has not disclosed the exact scale of the incident, which specific systems were affected, or whether data was successfully exfiltrated. However, the agency has advised all users, particularly businesses and individuals with registered companies, to immediately update their login credentials as a precautionary measure.15
Hacker Claims: 25 Million Documents Allegedly Leaked
The confirmation follows public claims by the threat actor ByteToBreach, who posted proof-of-access screenshots detailing seven stages of the alleged intrusion:
BREAKTHROUGH
ESCALATION
TAKEOVER
PORTALS
FULL_ACCESS
GOV_BETRAYAL
EXFIL_TIME
According to widely circulated reports in cybersecurity communities, the actor claims to have exfiltrated around 25 million documents, with approximately 25% consisting of corporate signatures and the remainder (over 15 million files) containing substantive corporate records. A 750 GB portion of the alleged data was reportedly made available for free download on the dark web, with server limitations cited as the reason not all files were uploaded.
ByteToBreach has been linked to several recent high-profile breaches in Nigeria, including incidents involving payment platform Remita and Sterling Bank. The group is described in earlier cybersecurity analyses as a prolific data-leak operator active since at least mid-2025, targeting banks, governments, and other organisations globally.8
Implications for Nigerian Businesses and the Corporate Registry
The CAC portal serves as the central database for company registrations, director details, share structures, and compliance documents for millions of Nigerian businesses. Should the hacker’s claims prove accurate, the breach could enable serious risks including:
- Forgery of company documents using real signatures and director information
- Illegal changes to company ownership or directorship
- Fraudulent loan applications, tax filings, or bank account openings in the name of legitimate companies
Cybersecurity experts and commentators on platforms like Nairaland and X have warned that the combination of CAC data with earlier breaches of banking and payment systems could amplify identity theft and corporate fraud risks across the country.6
This incident forms part of a troubling pattern of cybersecurity failures affecting Nigeria’s critical digital infrastructure in recent months.
CAC’s Response and Next Steps
While CAC has stopped short of confirming the full extent of any data loss, its swift public acknowledgement and collaboration with NITDA signal an active response. The commission has urged vigilance and credential updates but has not yet provided a timeline for completing its internal investigation or notifying affected parties individually.
Business owners are encouraged to:
Change passwords on the CAC portal immediately
Enable any available multi-factor authentication (MFA) options
Monitor company records for suspicious activity
Report any anomalies to CAC support
TechBlit Takeaway
Nigeria’s accelerating digital economy, powered by platforms like the CAC’s Intelligent Company Registration Portal, remains vulnerable to sophisticated threat actors. This latest breach underscores the urgent need for stronger investment in cybersecurity infrastructure, regular penetration testing, and transparent incident reporting across government agencies.
As investigations continue, TechBlit will monitor developments and provide updates on any confirmed data exposure or regulatory actions by the Nigeria Data Protection Commission (NDPC) or other authorities.
Stay secure. Update your credentials today.