South Africa's regulator launches investigation into CIPC after a system breach

March 27, 2024
  • In a media briefing, South Africa's Information Regulator has launched an independent investigation into the Companies and Intellectual Property Commission (CIPC) following a security breach in its systems. 
  • The regulator stated that it had received reports that the perpetrators who hacked the system were still in the CIPC IT environment and that the CIPC systems remained compromised.
  • Additionally, the regulator said it will investigate whether CIPC's business model facilitates the trading of personal information in its possession. This relates to CIPC's organisational and technical safeguards for personal information.

CIPC, as part of the Department of Trade, Industry, and Competition, handles registration relating to companies, co-operatives, and intellectual property. 

On February 29, 2024, the agency informed the public that it had experienced an "attempted" security breach and that the personal information of clients and employees had been compromised. The information includes the names and addresses of the registered clients.

While CIPC stated that the extent of the exposure is being investigated and will be communicated soon, a group claiming responsibility for the hack told MyBroadband that the CIPC system has been vulnerable for a long time, claiming that they have had access to the system since 2021.

The attackers claim they have downloaded all of Sword South Africa's source code for the systems they exploited, and that they used an exploit in a system created for the CIPC to make the event possible.

Now, the group is asking for $100,000 [R1.9 million] to delete everything and maintains they still have access despite CIPC’s efforts to remove them.

The regulator also provided an update on TransUnion, a credit bureau in South Africa, which experienced a data breach in March 2022. The regulator said that after its assessment, it found that TransUnion violated the conditions for the lawful processing of personal information.

Consequently, it has served TransUnion with an enforcement notice requesting that it strengthen its data management and security protocols. Following the enforcement notice, the credit bureau must submit proof to address the process by May 26, 2024.
