Statistics South Africa (Stats SA) has been hacked.
The agency says the cybersecurity breach was limited to a single human resources database used specifically by job seekers for online applications.
A cybercrime group known as XP95 has claimed responsibility for the ransomware attack.
The group has reportedly demanded about R1.7 million in exchange for not releasing the stolen data.
How has Stats SA responded to the hackers?
Stats SA has explicitly stated that it will not pay any ransom.
It says it is working with the Information Regulator and wider government cybersecurity response teams to investigate the scope of the compromise.
Last week, the Auditor-General warned that weak cybersecurity is putting South African government departments and public services at risk.
AG flags critical cybersecurity gaps
Auditor-General Tsakani Maluleke said that weaknesses in government cybersecurity systems are exposing public institutions to growing risks.
Maluleke said gaps in IT controls, skills shortages and outdated systems are leaving departments vulnerable to cyber attacks.
She says poor oversight and over-reliance on service providers are further weakening the state’s ability to safeguard information.
Maluleke warned that these failures could disrupt service delivery and compromise sensitive data.
“So, what we’re calling for is that there must be an effort to make sure that the capabilities exist. There must be an effort to ensure that there are adequate skills, that ICT is taught and dealt with as a strategic service within institutions, but also at the centre of government.”
ALSO READ: Man killed in M7 truck crash
Maluleke called for stronger oversight and discipline to improve public trust.
“We have got recommendations and a call to action for the executive leadership as well as to oversight. And these touch on the area of planning, where, with the medium-term development plan now in place, there must be attention to ensuring that the key goals and objectives and performance measures are cascaded to the right departments and entities.
“That they’re appropriately budgeted for, and those activities are delivered upon, and that there must be oversight to check that accounting officers are doing what should be done in accordance with the budget and the given objectives.”
SA must take cybercrime more seriously
One of the country’s cybersecurity experts believes this type of crime is not being taken seriously enough in South Africa.
Thabo Johnson says cybercrime has increased dramatically since 2019.
“Any interaction with different spheres of business, government or individual, is because the cybercrime is not a physical crime and, therefore, people won’t take it very seriously.
“Our laws as well, are not as strict as the international laws.”
Find us on social media
Follow the ECR Newswatch WhatsApp channel here
We are also on Facebook and X (formerly Twitter)
