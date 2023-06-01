Seacom clients complain of post-attack billing errors

Business customers of Seacom have complained they are being accidentally billed millions of rands per day, as the subsea cable operator grapples with the ramifications of a recent cyber attack.

Last month, Seacom was hit by a cyber attack, which the company claims impacted a “small number” of its customers.

At the time, it explained the cyber security incident − which was “limited and contained timeously” − affected only its hosting environment. It also revealed an initial investigation found that no customer data was compromised.

However, ITWeb has received complaints from frustrated Seacom customers, who say the outage was more extensive than claimed.

In addition to the system generating inaccurate billing information, customers say their end-users have been experiencing mounting service interruptions since the incident occurred – with no explanation from Seacom of the depth of the issue and when it will be fully resolved.

“Our experience of the outage at Seacom has been far worse than they made out in their media release. They have made virtually no contact with our team at all; we have had customers who were unable to transact,” explains the CEO of a local internet service provider that is a Seacom client.

“What we know is they were locked out of their own virtual and hosting environment. They could not get access back into it. In my experience of looking into these types of attacks, this means the attackers had administrative control and therefore unfettered access to the hosting environment and the virtual machines and data that resides there.”

According to the customer, some Seacom business clients may have lost millions of rands in the first week of the cyber incident, as a result of downtime, which severely impacted their services to end-users.

“In my opinion, this indicates to me that there was no plan in place, there is no redundancy. I foresee class action lawsuits in the near future, for loss of revenue and reputation,” continues the client.

Another customer tells ITWeb: “I’ve had no communication from Seacom and when I call them, they cannot tell me when the service will be fully restored − this week, next week, next month, next year? Maybe never? What should I do? Change to another ISP? Seriously considering this.”

Restoration of services

Launched in July 2009, Seacom provides enterprise and SME connectivity solutions, ranging from high-speed fibre or wireless internet access, to ethernet links, direct internet access and cloud services.

In 2015, it entered the direct to corporate market in SA, followed by similar launches in Kenya in 2016 and Uganda in 2019.

In March, it started offering services live on Google’s Equiano cable following the subsea cable’s landing in Cape Town, in August.

Responding to ITWeb’s questions about the impact of the cyber incident, Prenesh Padayachee, group chief digital officer at Seacom, says only the company’s server hosting environment was affected by the cyber incident, noting it has since been fully restored.

While most services, including billing systems, have been restored, not all are live yet, as internal systems are still undergoing a test phase, he adds.

“Our access to our support ticketing system and billing system have been restored and our IT teams are currently going through quality assurance testing before bringing these systems into our production environment.

“Customers whose environments were impacted by the incident were communicated with directly, and our IT teams worked with these customers to restore their services. All Seacom customers have been informed about delays in billing.”

In terms of network outages, Padayachee points out neither Seacom’s connectivity customers nor its network were impacted by the cyber security incident.

However, he confirms that on Tuesday this week, the company experienced a temporary network outage, which affected its Johannesburg metro customers.

“This interruption was resolved with our third-party network provider at approximately 19:30 on the same day, and is not related to the cyber incident.”

Padayachee adds the security of customers and data is of utmost importance. Seacom has implemented a business continuity plan and any new developments are closely monitored, he notes.

“We are currently compiling a root cause report and will only be able to share information once this has been completed.”

Security experts have been warning of a continued increase in the sophistication and prevalence of all types of cyber attacks in SA and globally, as hackers stop at nothing to gain unauthorised access to company systems, to pocket large sums of money.

Seacom is among several local firms that have suffered cyber attacks recently, with RSAWeb, Dis-Chem, Experian, TransUnion, some local banks as well as several government departments falling victim.

SA’s Information Regulator says it received over 500 notifications of data breaches or security compromises at local firms from October 2022 to February 2023.