At least 1 200 files containing the names, banking details and contact details of those who have submitted personal information to the Department of Justice and Constitutional Development may have been compromised during a ransomware attack on the department’s IT systems in September.
This is according to the department’s director-general advocate Doctor Mashabane.
The ransomware attack left all of the department’s information systems encrypted and unavailable, with it later recovering some functionality on its maintenance payment system.
“Since the breach occurred, the department analysed the nature and extent of the breach, and has found that there might be personal information that has been accessed or acquired by an unauthorised person / institution, whose identity is currently still unknown.
“The consequences of the breach is the selling of the personal information and its use for unlawful purposes,” Mashabane says.
The director-general adds those who may have used the department’s services are requested to review their financial accounts and bank statements, keep an eye on bank notifications in terms of purchases made, and inform law enforcement if any suspected or actual act of identity theft occurs.
Mashabane notes the department had introduced measures to prevent a similar attack and strengthen its IT security, including enhancing access control measures, upgrading of IT defence measures and upgrading of anti-virus and anti-malware software.
“The department will ensure [all those who may be affected] are kept up to date with regard to further investigations of the nature of the personal information that was compromised.”