Alleged 870 GB Data Leak Exposes Nearly One Million Nigerian Loan Records

Context The claim surfaced on X (formerly Twitter) around April 25 2026, when the account Dark Web Informer posted a screenshot and credited the threat actor iProfessor. Fast Credit, a CBN‑licensed micro‑lender, has not confirmed or denied the incident as of April 26 2026. The actor says the data set is being sold on a popular underground forum, with access restricted to five purchasers.

Key Facts - The leaked package is said to be about 870 GB in size and contains 939 887 individual records. - Records reportedly include government‑issued ID scans, loan and credit transaction histories, bank statements, correspondence, contracts, next‑of‑kin details, personal photographs and other confidential files. - A notable subset pertains to Nigerian police and law‑enforcement officers, raising concerns about doxxing, scams, blackmail and threats to officer safety. - Screenshots shared by the actor show sample loan documents and internal files, but the breach remains unverified.

What It Means If the allegations are true, the exposure could fuel identity‑theft schemes, fraudulent loan applications and targeted harassment of police personnel. The incident adds to a string of claimed breaches in early‑to‑mid 2026 affecting Nigeria’s Corporate Affairs Commission, Remita, Sterling Bank and the EFCC, suggesting attackers are exploiting weak points in financial and government networks. For defenders, the event underscores the need to protect loan‑origination systems, enforce strict access controls and monitor for large‑scale data exfiltration.

Mitigations 1. Enforce multi‑factor authentication on all privileged and remote access points (MITRE ATT&CK T1078). 2. Patch known vulnerabilities in web‑facing applications and prioritize CVEs related to file upload and deserialization flaws (e.g., CVE‑2023‑XXXX). 3. Deploy data loss prevention (DLP) rules to detect outbound transfers of archives exceeding 100 MB or containing patterns for ID numbers and loan identifiers. 4. Enable logging of database query and file access events, and forward logs to a SIEM for detection of T1041 (Exfiltration Over Command and Control) and T1566 (Phishing). 5. Conduct regular vulnerability assessments and penetration tests, focusing on third‑party processors and APIs used by lending platforms. 6. Encrypt sensitive data at rest and in transit, and maintain offline, tested backups to limit impact of ransomware or data‑theft attacks.