The Nigeria Data Protection Commission (NDPC) says it has launched an investigation into the technical error in the 2025 Unified Tertiary Matriculation Examination (UTME).
During a press conference on May 14, Ishaq Oloyede, JAMB registrar, admitted to a technical error that compromised UTME results in 157 exam centres.
Oloyede had said the results of 379,997 candidates were affected by the technical error.
The JAMB registrar added that the board discovered discrepancies linked to faulty server updates in its Lagos and south-east zones, which led to the failure to upload candidates’ responses during the first three days of the examination.
Advertisement
The examination body has since conducted a resit examination for the affected candidates.
Itunu Dosekun, head of the NDPC media unit, said the agency will now probe the technical errors of the 2025 UTME.
In a statement on Tuesday, he said the probe aims to determine the extent to which the personal data of candidates may have been exposed and whether JAMB or its partners violated data protection laws.
Advertisement
NDPC said the breach, which came to light after JAMB admitted that a system error affected 379,997 candidates across 157 centres in Lagos and the south-east, raises concerns about the adequacy of technical and organisational safeguards at some examination centres.
“The commission has initiated a full-scale investigation into the alleged breach at the Joint Admissions Matriculation Board (JAMB),” the statement reads in part.
NDPC noted that while arrests have been made, with at least 20 suspects currently in the custody of the Department of State Services (DSS) and the Nigerian Police, the breach appears to be part of a broader pattern involving cyberattacks on public digital infrastructure.
“Over 100 notorious hackers are linked to targeting national examination bodies such as JAMB,” the commission added.
Advertisement
NDPC further said the investigation would include a “systemic audit” of JAMB’s data processing activities, with particular attention to how third-party service providers manage sensitive personal data.