• Home
  • /
  • Computing
  • /
  • CIPC registry restores IT systems after cyber attack

CIPC registry restores IT systems after cyber attack

Admire Moyo
By Admire Moyo, ITWeb's news editor.
Johannesburg, 07 Mar 2024
The CIPC confirmed to ITWeb this morning that the maintenance after the cyber attack has been completed.
The CIPC confirmed to ITWeb this morning that the maintenance after the cyber attack has been completed.

The Companies and Intellectual Property Commission (CIPC) has completed maintenance of its core IT systems following a cyber attack.

The organisation yesterday announced it was temporarily shutting down its IT systems after encountering a cyber breach.

Last week, the CIPC confirmed an “attempted security breach” and the compromise of personal information of clients and CIPC employees.

The CIPC is an agency of the Department of Trade, Industry and Competition in South Africa. It is responsible for the registration of companies, co-operatives and intellectual property rights (trademarks, patents, designs and copyright) and maintenance thereof.

In a notice posted yesterday on social media platform X, formerly Twitter, the CIPC said: “Kindly note there is urgent system maintenance planned for today, 6 March 2024, at 14:00 until tomorrow morning at 07:00. As a result, all the core IT systems will be unavailable during the maintenance period. We apologise for any inconvenience caused.”

The affected services included the call centre, website and self-help service centre.

The organisation confirmed to ITWeb this morning that the maintenance has been completed. At around 7am, the CIPC’s website was inaccessible but was up by 8am.

In an update yesterday, the CIPC said: “Many of you might have read in the media that the CIPC experienced a security breach. Without detracting from the seriousness of such incident, it’s important to mention that the CIPC is not the only organisation that has been subjected to such a breach, and there has been a massive increase of cyber attacks within SA and it would seem that, as a jurisdiction, we are being targeted.”

It notes that breaching the security infrastructure of any organisation, institution or agency is a criminal act and the perpetrators are criminals that should be portrayed as such.

“As a result of the criminal nature of the unlawful and mala fide breach of the CIPC security systems and protocols, the necessary steps will be taken to ensure the guilty are held responsible for the crimes committed.”

As soon as the breach became known, the CIPC proceeded to comply with all requirements in terms of the Protection of Personal Information Act, 4 of 2013, by notifying the Information Regulator, the South African Police Service and State Security Agency of the security compromise and publishing a media statement to that effect, it states.

“Every reasonable step is being taken to ensure the CIPC systems and platforms are protected from unlawful and/or unauthorised access and abuse, and remain available to our clients for transacting.

“We will continue to transact and service our clients with efficiency in all areas of our core mandate as we have been and are currently doing. The CIPC has always been aware of the possibility of attacks against its databases and over the years has invested significantly in the best technology to secure the data kept on our registers, despite having the legal obligation to disclose same.”