The Nigeria Data Protection Commission (NDPC) has opened a full-scale investigation into the technical error that compromised the 2025 Unified Tertiary Matriculation Examination (UTME), raising serious concerns over data protection and the integrity of public digital infrastructure.
The development follows a May 14 press briefing where Prof. Ishaq Oloyede, Registrar of the Joint Admissions and Matriculation Board (JAMB), confirmed that technical glitches at 157 examination centres affected the results of 379,997 candidates. Oloyede attributed the problem to faulty server updates in JAMB’s Lagos and South-East zones, which prevented the upload of candidates’ responses during the first three days of the examination.
In response, JAMB organised a resit for the affected candidates to ensure fairness. However, the NDPC says the situation calls for a deeper examination, particularly in regard to personal data security.
In a statement issued on Tuesday, Itunu Dosekun, head of NDPC’s media unit, said the probe would assess the extent to which candidates’ personal data may have been exposed and whether JAMB or its third-party partners violated national data protection laws.
“The commission has initiated a full-scale investigation into the alleged breach at the Joint Admissions and Matriculation Board,” the statement read, adding that the incident highlights concerns about the technical and organisational safeguards in place at various examination centres.
The NDPC also revealed that the breach may be part of a broader pattern of cyberattacks on national digital systems. At least 20 suspects are currently in the custody of the Department of State Services (DSS) and the Nigerian Police in connection with related offences, and over 100 notorious hackers have been linked to cyber threats against institutions such as JAMB.
“Over 100 notorious hackers are linked to targeting national examination bodies such as JAMB,” the commission added.
As part of its investigation, the NDPC plans to carry out a “systemic audit” of JAMB’s data processing activities, focusing especially on how sensitive personal data is handled by third-party service providers.
The commission said it remains committed to safeguarding the digital rights of Nigerians and holding accountable any institution that fails to comply with the country’s data protection framework.
Melissa Enoch
Follow us on:
