A hacker or group of hackers who call themselves ByteToBreach has allegedly broken into the Corporate Affairs Commission (CAC).
The CAC is Nigeria’s official government agency responsible for registering every company, business name, and incorporated trustee in the country.
They say they stole about 25 million documents, which is roughly 750 GB of data, dumped for free on the dark web right now. 
ByteToBreach adds that 25% of the documents are just basic corporate signatures, such as stamps and seals. This means there are over 15 million real documents, including company registration papers, director details, ownership records, filings, and a lot of other business-related documents across Nigeria.
The hacker even posted seven screenshots showing how they did it step-by-step. They showed:
- Breakthrough
- Escalation
- Takeover
- Portals
- Full access
- Gov betrayal (a savage name)
- Exfil time (exfil is stealing the data)
In the tweet by @DarkWebInformer, there are two images, which are screenshots from the hacker’s own dark web post.
One shows the official CAC logo and the list of files as proof. The other image has the hacker’s message explaining the dump and offering 750 GB free with some blurry links, and ending with “JESUS IS KING.”
SEE ALSO: Blessing CEO and the Theft of Suffering
The CAC’s Statement on the Data Breach
Although the CAC itself did not reveal how extensive the CAC data breach was, it stated that the incident involved “unauthorised access to limited aspects” of its information systems.
In a notice released on April 15, 2026, the commission said it is looking into what happened and has already started taking action to handle the situation. It is also working with the National Information Technology Development Agency (NITDA) and other government bodies to find out how serious the breach is.
CAC added that it has already taken steps to control the situation and has put extra security measures in place to protect its systems. Now that these sets of classified information are in the hands of a hacker, they are subject to mishandling. They could be used for identity theft, company scams, fraud, etc.
As investigations continue, the commission has urged stakeholders to regularly check their records on the CAC portal, update their login details, and stay alert to any unsolicited messages that may be connected to the incident.
Before now, ByteToBreach had hit Remita (the country’s government payment system) and Sterling Bank a few weeks ago. They took customer data, transaction logs, and even employee records.
According to GBHackers, ByteToBreach has been leaking and selling data from airlines, banks, governments, and hospitals globally since at least mid-2025. However, apart from this CAC data breach, Nigeria has been a victim several times in 2026.
About The Author
Keep Up to Date with the Most Important News
