Hacker behind Sterling Bank breach speaks to Economy Post, says objectives accomplished

A notorious threat actor known as ByteToBreach, who claimed responsibility for the breach at Sterling Bank, has in an exclusive interview with Economy Post confirmed to have gained access to the bank’s systems and exfiltrated a large amount of sensitive data.

ByteToBreach also acknowledged its role in breaches that impacted the Corporate Affairs Commission (CAC), CardinalStone, CRC Credit Bureau, and Remita, claiming access to employee and customer data from several organisations.

The hack, which was first reported online on March 27, 2026, provided the attacker with temporary access to Sterling Bank’s internal systems.

READ ALSO: GTB confirms hackers’ attempt to intercept customers data

“My access to Sterling didn’t last more than three days. There is no point in staying when my objectives are accomplished,” ByteToBreach said in a message to Economy Post.

The threat actor claimed that the breach covered information connected to over 3,000 employee records and about 900,000 customer accounts. The actor also claimed to have a different dataset associated with the asset management and investment banking company, CardinalStone.

The breach was said to include personally identifiable information (PII), raising questions about identity theft, financial fraud, and unauthorised access to private documents.

ByteToBreach further claimed that Sterling Bank’s integration credentials were used to gain access to CRC Credit Bureau. “The CRC Bureau is directly integrated into Sterling’s internal APIs,” the threat actor said.

The threat actor also stated that CardinalStone was targeted due to a potential link to Remita. Remita is a Nigerian financial technology platform which developed SystemSpecs and is the primary payment channel for the Nigerian government’s Treasury Single Account (TSA).

READ ALSO: Hacker demands payment from Sterling Bank to delete leaked data

ByteToBreach further acknowledged that it had compromised the system of the CAC, but it refused to reveal the purpose or extent of the breach.

Additionaly, the threat actor confirmed to Economy Post that Sterling Bank received a ransom demand, but clarified that the stated $1 million figure was incorrect and that the negotiated price was €250,000.

In a more recent development, the threat actor claimed responsibility for a separate attack on Ikeja Electric, disclosing that it gained access to the database of Ikeja Electric Distribution Company, revealing the use of ransomware on dozens of systems and the stealing of confidential customer and employee information.