South Africa’s trade watchdog suffers ransomware attack — warns of data leaks

The International Trade Administration Commission of South Africa (ITAC) has warned its employees and trading partners that their data may have been breached following a ransomware attack it suffered on 2 January 2024, according to a News24 report,

The publication has seen an ITAC statement from Monday, 15 April 2024, revealing it had been hit by a security breach locking employees out of its system and encrypted files.

MyBroadband spoke to an ITAC spokesperson for confirmation. However, they said they could only send the statement once the ITAC had consulted with its lawyers about how to approach media enquiries.

Following the attack, the ITAC shut down its systems to update security measures, including its firewall.

ITAC chief commissioner Ayabonga Cawe said that despite these measures, private information of ITAC employees, service providers, and importers, among others, had been accessed during the attack.

“We are publishing this notice to alert all stakeholders to the fact that there is a chance this security compromise may affect them,” News24 quoted Cawe as saying.

“It is therefore important that you know that the person who perpetrated the security compromise may have accessed, and possibly extracted, personal information that you submitted to ITAC.”

He added that the ITAC’s investigation into the incident and restoration measures had delayed reporting the data breach.

The ITAC is also consulting with South Africa’s Information Regulator on the matter. The regulator must be notified of any data breaches which compromised the information of South Africans.

The ITAC is at least the second government-run entity to suffer a ransomware attack in 2024,

Orange Cyberdefense says South Africa and Africa as a whole are becoming a significant target for cybercriminals.

The Government Employees Pension Fund (GEPF) suffered a ransomware attack in February 2024. As a result, some of its systems have been offline for two months.

The GEPF initially said there was no outage following the attack, adding that its administrator — the Government Pensions Administration Agency (GPAA) — had shut down its systems to protect itself against a systems breach.

“There was no outage. The systems were shut down by our administrator (GPAA) as a security measure due to an attempt to gain unauthorised access to our systems,” it said.

“It is important to note that this system shutdown did not compromise our data nor affect payments to be made to pensioners.”

However, the GPAA later revealed that it had shut down its systems following a ransomware attack by the notorious LockBit group.

Only after the ransomware group dumped a 668GB file containing data allegedly stolen from the GPAA, including scans of at least one senior government official’s passport, did the GPAA confirm the ransomware attack.

The GEPF described the data breach as “extremely concerning”, considering the GPAA told it that it hadn’t suffered a data breach.

Following the attack, MyBroadband spoke to lead security researcher at Orange Cyberdefense, Diana Selck-Paulsson. She said Africa is becoming a significant target for cybercriminals.

She said Africa as a region had shown the third-highest growth in cyber attacks globally over the past year, with an increase of 70% over the twelve months prior.

Regarding South Africa specifically, Selck-Paulsson said Orange Cyberdefense has seen a significant increase in incidents in the past year.