South African packaging giant hit by data breach

South African packaging giant Nampak suffered a data breach on its systems last week.

In a statement on Tuesday, 26 March 2024, the company said it had detected “unauthorised activity” on its IT systems on Wednesday, 20 March 2024.

“An unknown third party gained access to its IT systems, notwithstanding the company’s robust and embedded security protocols,” Nampak stated.

Nampak said it immediately took the necessary steps to contain, assess and remediate the incident.

“Nampak is taking the necessary measures to determine the scope of the compromise, to restore the integrity of its information systems and to ensure that it is not exposed to further risk,” it stated.

“The company has retained local and global cybersecurity and forensic experts to work with its capable in-house IT team to manage this process.”

Operations continue with manual controls

Nampak said it switched over to its backup manual compensating controls and continued to function using these processes, in line with its business continuity plans.

It maintained that the breach had not affected its manufacturing facilities and operations, which were functioning normally, albeit with “some manual operating systems” required.

It added that it would work with its suppliers and customers to ensure that the impact of the incident is contained and that it can continue delivering products as required.

Nampak said it was aware of its obligations under the Protection of Personal Information Act (POPIA), and an initial notification has already been made to the Information Regulator.

“This will be supplemented as the investigation progresses, and a notification to potentially affected data subjects will be made as soon as possible, in accordance with POPIA requirements,” Nampak said.

“The company will cooperate with the authorities as and when required.”