Nigeria’s banking sector is grappling with a growing wave of unauthorised withdrawals and account breaches, leaving thousands of customers financially devastated and emotionally drained.

Reports from cybersecurity firm Surfshark Nigeria indicate that cyber theft risk rose by 56% in the first half of 2025, impacting about 152,000 accounts.

Social media has become awash with viral videos of distressed customers confronting bank staff over vanished funds.

The situation lays bare significant weaknesses in banks’ security systems and heightens anxiety among depositors.

Nigeria ranks high for data breaches

While the country’s shift to digital banking has boosted inclusion and operational efficiency, investigations reveal that it has also introduced significant vulnerabilities.

Many customers discover their accounts have been emptied even after notifying their banks about lost cards or suspicious activities, with institutions often refusing liability and shifting the burden to victims.

Surfshark Nigeria noted that more than half (56%) of those affected by data leaks are at heightened risk of both bank theft and identity fraud, despite an overall decline in breach numbers.

The report also noted that Nigeria ranked third in Sub-Saharan Africa for total data breaches, with about 13 million accounts compromised since 2004.

In 2024 alone, the Nigeria Inter-Bank Settlement System (NIBSS) estimated that fraudsters stole roughly N400 million through accounts opened with stolen identities—figures experts believe are under-reported.

Reviewed cases show a recurring trend which includes stolen ATM cards, hacked mobile apps, and suspicious debits often met with delayed or no action from banks, allowing criminals to empty accounts within hours.

Surfshark’s data also revealed that globally, the total compromised accounts dropped by 93%, from 973.7 million in Q4 2024 to 68.3 million in Q1 2025.

The countries hardest hit by these breaches were the United States (16.9 million cases), Russia (4.4 million), India (4.2 million), Germany (3.9 million), and Spain (2.4 million).

On a per-capita basis, France recorded the highest breach density at 172 compromised accounts per 1,000 people, trailed by Israel (130), the United States (123), Singapore (26), and Canada (24).

CBN takes action on rising fraud cases

Under mounting public pressure, the Central Bank of Nigeria (CBN) has pledged to investigate rising fraud cases and sanction negligent institutions.

The apex bank has urged affected customers to formally lodge complaints with its consumer protection department and is reportedly reviewing some banks for repeated security lapses.

The CBN had earlier called on banks nationwide to make substantial investments in cybersecurity to safeguard depositors’ funds from hackers.

According to Luís Costa, Surfshark’s research lead, even though the number of vulnerable accounts fell across all major regions in Q1 2025 compared to the previous quarter, individuals must stay alert and maintain robust security habits.

Costa said:

“To protect personal and organisational data, it is essential to follow strong security practices, regularly update passwords, enable 2FA, and stay informed about potential risks.”

Although measures such as the Nigeria Data Protection Act exist, poor enforcement and inadequate digital practices among users continue to pose serious challenges.

Industry analysts warn that while technology has revolutionised Nigeria’s banking landscape, regulatory oversight, transparency, and robust consumer protection mechanisms must advance in parallel to keep customers safe.