South Africa’s Companies and Intellectual Property Commission (CIPC) – an agency inside the Department of Trade, Industry and Competition where companies, cooperatives and intellectual property are registered – has issued a mandatory password reset as part of its damage control after it suffered a data breach last week.
Also read: The Big Issue might have to shut down after R600 000 cyber scam
CIPC reported that it had ‘noted an attempted security breach and the compromise of personal information of clients and CIPC employees, held on the CIPC records’ in a statement released on Friday.
According to the statement, the group’s ICT technicians were alerted by its ‘extensive firewall and data protection systems’ and were able to ‘mitigate any possible damage’ by isolating the compromise and shutting down certain systems.
‘The relevant systems are back up and available for processing,’ the group added.
The ransomware gang allegedly responsible for the major hack, however, told MyBroadband that they still have access to parts of CIPC’s systems and have had access since at least 2021.
According to one of the gang’s representatives, the agency’s claim that its firewall and data protection systems were able to mitigate the data breach is completely false, adding that the agency has tried to cover up the fact that it was breached almost three years ago and did nothing to address its weak security.
‘They tried to cover their tracks when we pointed out the basic security holes. They are reckless with sensitive info,’ the publication quoted the ransomware group as saying. ‘This incompetence extended to them processing and storing credit cards in the clear.’
Cape {town} Etc discount: Looking for things to do in the city at half the price? Let these great offers inspire you and fuel your imagination! Get them here.
CIPC made no response to the group’s claims but has urged clients to be vigilant in monitoring of credit card transactions and to only approve/authorise known and valid transaction requests in their initial statement.
‘Unfortunately, certain personal information of our clients and CIPC employees was unlawfully accessed and exposed,’ the statement said. ‘The extent of the exposure is being investigated and will be communicated as soon as possible.’
In its latest update, the group said: ‘In line with securing customer accounts, CIPC has implemented a new customer verification process for SA ID holders as well as Foreign Passport holders’.
According to the statement, the new verification process intends to enhance security for all its account holders.
Looking for a great deal on a car for under R100k? Find car listings here.
Also read:
Moody Meta update: Meta takes to X to confirm massive outage
Picture: Pixabay / Pexels