The Nigeria Data Protection Bureau (NDPB) says it is investigating Wema Bank PLC and KC Gaming Networks(BetNaija), for alleged breach of customers’ data privacy.
The bank is accused of opening accounts for customers without their request or authorisation, while KC Gaming is probed over external attacks on its data.
“At this stage, the objectives of these investigations as directed by the National Commissioner of the Bureau, Vincent Olatunji, are to determine the impact of the breaches on the affected data subjects and the remedial actions taken by the concerned data controllers,” the NDPB said in a statement signed by the Legal, Enforcement & Regulations Lead, Bolu Bamigboye, said.
The Bureau assured members of the general public that it will ensure proper accountability of the data controllers in the ongoing investigations.
“This data processing, according to the complaints against the Bank, involves using their personal data to open accounts. The Bureau is also investigating a report of breach of data privacy at KC Gaming Networks. The breach in this case involved alleged external attack on the KC Gaming Networks,” it said.
The investigation follows complaints from people who received messages indicating accounts had been opened for them at Wema Bank without their permission.
Micheal Ikoro, a lawyer, told PREMIUM TIMES he received three messages from Wema Bank on March 21 without owning an account with the institution.
The first message said, “Successful registration on 945, Dail *945000# to change your default pin.”
The second read, “Your new account has been opened,” and the last said, “The sum of N50 has been credited to your account”.
He said the credit alert unusually came without a name.
“On March 31 (my birthday), the bank sent their good wishes,” he said on the phone.
Mr Ikoro told PREMIUM TIMES he was keeping records of the mails. He later sent a message to the bank on Twitter, but kept receiving automated replies from the bank.
He went to the bank’s regional office in the Central Business District in Abuja, where he submitted a letter to the bank.
“The manager of the bank agreed that they (the bank) opened the account but on the request from an organisation,” he said.
“I asked them to give me the details of the organisation in writing, but nothing has been sent to me,” he added.
A Twitter user, Arya Stark, wrote “A fake account opened with my data, BVN inclusive. All I want from @wemabank is to send me the details of all the transactions done in my name by the imposter. I’m not asking for too much.”
On Friday, the Federal Competition and Consumer Protection Commission (FCCPC) urged Wema Bank to provide details on numerous allegations of unsolicited account-opening for people who are not its customers. The commission made the call in a tweet posted on its official handle on Friday.
“Can Wema Bank comment publicly on the message that consumers without Wema Bank accounts are receiving across the country, allegedly from the bank?
This situation is widespread and cannot be a DM ( direct message) issue anymore. Wema Bank has to come clean,” the commission said in the tweet.
Wema Bank’s head marketing, communication and investor relations, Funmilayo Falola, told PREMIUM TIMES that the bank had not received any letter from any agency regarding the issue.
Ms Falola said the bank had begun investigation into the account-opening matter after customers complained about the breach of data privacy.
She said the bank did not open accounts without the owners’ permission.
“We don’t open accounts without people’s permission, we don’t know why people are reporting such,” she said.
In a earlier statement, the bank echoed the same position.
“We would like to reassure our customers that we keep all customer data confidential. Do note, however, that no account can be activated except by the owner of the account, when the person downloads the app and proceeds with account confirmation,” it said.
It advised customers to keep their personal details safe as scammers are on the prowl and would use all opportunities to defraud customers.
“Where you think your data may have been compromised, please change all your passwords and PINS immediately,” it said.