JSE-listed Lesaka unit Adumo is assuring its clients that no consumer data was breached during a cyber attack that apparently resulted in thousands of files being made available for sale on the dark web.
ITWeb Security Summit 2026:
To learn more about defending organisations against today’s evolving cyber threats, register for ITWeb Security Summit Cape Town 2026 or ITWeb Security Summit 2026 in Johannesburg, where global and local experts will unpack the latest security trends and solutions.
Website dailydarkweb.net reports that the company’s “highly-sensitive technical database and source code” has been priced at $7 000 (R114 920 at this morning’s exchange rate of R16.42). According to the site, the allegedly compromised data consists of 15 546 files totalling 14GB.
Adumo says it is South Africa’s largest independent payments processor. As of last June, it was providing payment processing and integrated software solutions to about 29 000 active merchants in a variety of business verticals across South Africa, Namibia, Botswana and Kenya.
Lesaka bought Adumo in a R232 million deal in October 2024. The company processes more than R80 billion in transactions each year, aiding small and medium enterprises with financial inclusion.
In response to a request for comment from Lesaka CEO Lincoln Mali, the company shared a statement that says: “Adumo is aware of information circulating online and is conducting an internal investigation to verify its source and scope.”
Adumo adds its “initial assessment indicates that the material referenced is routinely shared with external partners and does not include customer data”.
Bigger picture
“The Adumo incident is particularly concerning, not necessarily because of confirmed customer data exposure, but because of the nature of the assets allegedly being circulated,” comments Jacqui Muller, Belgium Campus iTversity researcher and PhD candidate in computer science.
“At this stage, there is no verified indication of the volume of stolen data. The concern is that the reported assets contain sensitive information.”
While 16GB could equate to millions of records in a traditional data breach, the reported data types suggest this is more likely a compact but highly-sensitive set of technical artefacts, says Muller.
Muller says the breach seems to have compromised point-of-sale software, debugging tools, low-level documentation, insight into how secure chip-and-PIN transactions work, and certification artefacts for Mastercard and Visa systems.
“In a payments ecosystem, this type of information is extremely sensitive and typically tightly controlled,” says Muller.
She adds that while a breach has been identified, it is not yet confirmed that the data being advertised is authentic, but if it is, a buyer could mimic transactions and, combined with other stolen data, facilitate fraud.
Targeting scale
Muller says the breach also reflects a broader shift in the South African cyber security landscape, where attacks are increasingly targeting financial infrastructure and operational systems, rather than just data repositories.
“The sophistication and intent behind such incidents suggest a move towards higher-value, systemic targets that can enable fraud or disruption at scale,” says Muller.
Lesaka’s addition of Adumo enables Lesaka to serve 1.7 million active consumers, 120 000 merchants, and process over R270 billion through its systems each year, Mali said in October 2024 when the deal was concluded.
Its annual report for the year to June 2025 says its purchase of Adumo “has enabled us to extend our reach into larger merchants with more sophisticated point-of-sale software needs”.
Share
