Lagos-based Fintech, E-settlement has been slapped with a 5million Naira fine for breach of data. The company was fined by the National Information Technology Development Agency (NITDA) after an audit of its recent activities and processes.
Based in Lagos Nigeria, E-settlement is an online payment solutions provider. The company has a self-proclaimed agenda of creating jobs and promoting financial inclusion in Africa.
To achieve this lofty goal, the company has established a wide agent network that explains its access to a broad amount of data.
Sadly, the company was found guilty of compromising the privacy of data belonging to people within its network.
NITDA went through statutory procedures before giving its verdict and issuing the fine. The process started with an investigation/audit of the company’s websites and applications.
Following that, the agency paid a visit to E-settlement’s Lagos office.
After the visit, technical documents were obtained and reviewed while key stakeholders within the company were polled.
At the end of the process, the NITDA could assert that there was a data breach involving the company.
The reaction
Following the verdict, E-settlement has taken full responsibility for its actions and has made moves to mitigate the risks that could ensue from the breach.
With a guide from NITDA, the company is currently updating identified security issues.
According to a NITDA representative, “The objective of our investigation was to assess the risk resulting from the breach, to identify the causes, remedial actions taken and other necessary issues to avoid recurrence.”
ALSO READ: Nigerians Will Now Pay ₦6.98 For All USSD Transactions
Mrs Hadiza Umar, Head, Corporate Affairs and External Relations, NITDA, said that in compliance with the Nigeria Data Protection Regulation and the need to prevent a reoccurrence of this event, NITDA laid down the following directions;
The guilty company, E-settlement Ltd will be under NITDA supervision for six months.
NITDA’s oversight function during the period will cover the implementation of prescribed security controls and processes.
In a statement, NITDA sounded a warning to other data controllers within the country. The company encourages them to adopt necessary measures to protect the personal data of its users.
Found this interesting? Share!