Did CDcare’s recovery agent show up at a customer’s home and lie to his landlord?

The message came through at 2:36 pm on March 28. “This is officer ik from cdcare,” it read. “I am with your landlord.”

That was the first time Moses knew that a debt recovery agent had arrived at his place of residence. No prior call. No text. No formal demand of any kind. Just a WhatsApp message from a number he had never seen before, sent while he was at work, telling him a stranger was already speaking to the man who controlled his housing.

What followed was not simply a dispute about a delayed instalment payment. It became a documented case of a consumer credit platform conducting an unannounced home visit, disclosing a customer’s debt to third parties, exposing his national identity data in an unsecured chat, and then lying to his landlord to justify all of it.

Moses cleared his balance two days later. The conduct does not clear with it.

Moses has been on CDcare since 2023. His purchase history shows 21 completed orders across gadgets, appliances, and household items, with no prior default. He is not a new or casual customer. He is the kind of customer a consumer credit platform should want to keep.

In December 2025, he purchased a Renewed Dell Latitude E7470 on a three-month installment plan totalling ₦397,923.88. The final payment was due on February 27, 2026. He did not pay on time.

What happened after is the story.

Tobi Odukoya CEO of CDcare Nigeria and Ayodeji Farohun, COO

The timeline

On March 13, before CDcare escalated anything, Moses reached out himself. Across two separate CDcare WhatsApp numbers, he laid out his situation clearly: he could pay the outstanding balance with added interest at the end of the month, or CDcare could come collect the laptop until he had the funds to clear it. He referenced his three-year history with the platform. “It’s really not an issue, been buying from cdcare since 2023,” he wrote. “Just lemme know what you decide.”

Neither offer received a response from CDcare.

His call log tells the rest of the communication story. The CDcare number, flagged with 20 spam reports on his device, called on March 14, and he answered for 28 seconds. They called again on March 18, and he answered for 19 seconds. They called on March 21, and he answered for 9 seconds. He was not hiding. He was picking up.

On March 27, CDcare messaged again. Moses replied: “Allow the salary to drop, I nor like to owe too.” He also flagged that he had an undelivered item on his account because of the outstanding balance. CDcare’s response was one word: “Ok.”

On March 28, at 2:35 pm, a WhatsApp message arrived from a number he did not recognise, a business account labelled “policy” that joined in November 2024. “Hello,” the first message read. “This is officer ik from cdcare. I am with your landlord.”

The agent had not called Moses before arriving. Had not called after arriving. Now he has met with the landlord.

In the same chat, the agent shared screenshots of Moses’s CDcare account, including his NIN details, his photograph, his date of birth, and his delivery records. He also filmed the compound and sent the video. Moses, at work, replied at 2:42 pm: “Please I’m at work.” The agent called twice more. Moses answered a 30-second call at 2:43 pm.

He was reachable. He had been reachable the entire time.

When Moses later called his landlord, the landlord told him what CDcare’s agent had said: that the company had been calling and texting Moses with no response, and that he had gone silent.

The screenshots, the call log, and the agent’s own WhatsApp message sent while Moses was at work directly contradict that account. Moses had answered CDcare calls on March 14, 18, and 21. He had communicated across three CDcare numbers. While he had missed calls on March 23, 25, and 26, he, however, responded to the March 27 message that same day. The agent had reached him at 2:43 pm on March 28, the same afternoon as the visit.

There is no version of the evidence where Moses was completely unreachable. The claim made to his landlord appears to be a half-truth.

The landlord was not the only person who learned about Moses’s debt that day. A neighbour and a cleaner who does not live on the property were also present when the agent arrived. Moses has since obtained written statements from his landlord, two neighbours, and the cleaning staff.

The policy violations

CDcare’s published terms and conditions, Clause 10(vii), permit the company to send recovery agents to a buyer’s designated address to demand the return of an item. That much is within their rights. A physical visit, on its own, is not the problem.

The problem is what the agent did when he got there. Clause 10(vii) authorises agents to demand the return of an item. It does not authorise them to go directly to a landlord and disclose a customer’s debt situation. It does not authorise them to share NIN details, photographs, date of birth, and account records in a WhatsApp chat. It does not authorise them to misrepresent a customer’s communication history to a third party. None of those actions is covered anywhere in CDcare’s terms.

Disclosing a customer’s outstanding debt to a landlord is not a legitimate purpose of delivery. Sharing NIN details, photographs, and account records in a WhatsApp chat goes beyond what is necessary for any of the stated disclosure categories.

The NIN exposure stands as a separate and specific failure. That data was collected at signup for identity verification. Forwarding it in an unsecured messaging conversation, to a recovery agent who then shows it at a customer’s address, sits outside every disclosure basis CDcare’s own policy permits.

CDcare responds

CDcare provided a written response to Technext’s right-of-reply questions. The company did not deny that a physical visit took place. It described the visit as a last resort, initiated after what it says was over one month of unresolved engagement, including multiple call attempts, WhatsApp contacts, and consistent email reminders.

On the question of reachability, CDcare said its records indicate that multiple call attempts were made over several days prior to the visit and that several of those attempts did not result in successful engagement or payment. That is technically consistent with Moses’s own account: he missed calls on March 23, 25, and 26. What CDcare’s response does not address is the answered calls on March 14, 18, and 21, the WhatsApp exchanges across three numbers, or the March 27 conversation that ended with CDcare saying “Ok” the day before the visit.

On the landlord disclosure, CDcare was direct: its policy strictly prohibits the disclosure of customer financial information to third parties, and the company said it maintains a zero-tolerance stance on such conduct. It then stated that from its review of the incident, the agent interacted with a third party solely for the purpose of identifying himself when challenged and that no customer financial, account, or payment information was disclosed. This directly contradicts Moses’s account and the written statements he holds from the landlord and two neighbours.

On the NIN data, CDcare said there is no evidence that any such information was shared with any third party, and that any customer-related information referenced during the interaction was communicated directly to the customer only.

The screenshot Moses provided shows the agent sharing his NIN details, photograph, date of birth, and account records in a WhatsApp chat. CDcare’s position is that this was shared with Moses, the customer, rather than a third party. The company added that it is reviewing the context and handling of this communication to ensure full compliance with its internal data protection standards.

On the timing of the visit, CDcare pointed to Moses’s own March 13 message in which he offered to let CDcare collect the laptop as partial justification for the visit. CDcare never responded to that offer at the time. The WhatsApp records show no reply from CDcare acknowledging or accepting the collection offer before the agent arrived on March 28.

What the law says

This case engages Nigerian law on two fronts.

On data privacy, the Nigeria Data Protection Act 2023 (NDPA), signed into law on June 12, 2023, requires that personal data be processed fairly, lawfully, and transparently, collected for specified and legitimate purposes, and not shared beyond those purposes.

Section 24(1) of the Act is explicit on this. Sharing a customer’s debt status, identity data, and photographs with a landlord, two neighbours, and a cleaner, without a court order and without contractual basis, sits in direct conflict with those requirements.

The NDPA established the Nigeria Data Protection Commission (NDPC) as its enforcement authority. Moses has already filed a formal data breach complaint with the NDPC. The commission has confirmed receipt and the status is listed as open, making this a live government investigation.

On consumer protection, the Federal Competition and Consumer Protection Act 2018 (FCCPA) prohibits suppliers from using physical force, coercion, undue pressure, or harassment in the course of debt recovery.

Any undertaking that violates a consumer’s rights faces liability for damages and restitution. The FCCPC’s September 2025 Digital Lending Regulations, issued under the FCCPA, specifically ban disclosing borrower information to third parties without consent and carry fines of up to NGN100 million or 1% of annual turnover for violations. CDcare operates in this regulated space.

Moses has also retained legal representation. Citizen Gavel, a Lagos-based legal tech firm, has taken up the case.

He paid anyway

On March 30, 2026, two days after the home visit and two days after he went public on social media, Moses paid N145,371.81. CDcare’s own payment system sent a confirmation email. The Renewed Dell Latitude E7470 is now fully paid. Total settled: NGN397,923.88.

That payment matters for one reason. It removes any remaining ambiguity about whether this story is about a defaulter or about conduct. Moses was never permanently unwilling to pay. He was asking for time, communicating openly, and proposing alternatives. He paid as soon as he could.

The debt is settled. The questions about how CDcare pursued it are not.

The post Did CDcare’s recovery agent show up at a customer’s home and lie to his landlord? first appeared on Technext.