Data breaches rising at alarming rate, says InfoReg

Simnikiwe Mzekandaba
By Simnikiwe Mzekandaba
Johannesburg, 22 Feb 2024
The Information Regulator receives more than 150 data breach notifications a month.
The Information Regulator receives more than 150 data breach notifications a month.

It is open season for security compromises in South Africa, says Information Regulator chairperson advocate Pansy Tlakula, with the entity receiving more than 150 data breach notifications a month.

This came to light during the chairperson’s fireside discussion with ITWeb editor-in-chief Adrian Hinchcliffe, at the ITWeb Governance, Risk and Compliance 2024 conference.

During last year’s event, Tlakula revealed the country suffered about 56 data breaches a month, based on the notifications it received. She blamed the over-processing of data subjects’ personal information for this.

However, the information watchdog now says this number has increased. “I think it’s about 150 [data breach notifications] a month,” Tlakula told delegates.

“I don’t think South Africans take cyber security seriously, to be honest. The number is increasing and the hackers have found very fertile ground in South Africa.

“I don’t know what the problem is, but the number is increasing and data breaches in this country are very serious – they’re actually very scary. If we receive more than 150 notifications a month, that’s quite serious.”

According to Tlakula, the TransUnion security comprise is still the biggest in the country because it involved several millions of people.

In 2022, ITWeb broke the news about the TransUnion hack, when N4ughtySecTU demanded $15 million (R223 million) ransom over four terabytes of compromised data.

After the hack, the group claimed it had accessed 54 million personal records of South Africans, including the personal details of president Cyril Ramaphosa.

South Africa has recorded a number of high-profile cyber attacks recently, with credit bureaus and several government departments suffering attacks, as well as highly-organised distributed denial-of-service attacks on banks.

The Council for Scientific and Industrial Research estimates financial losses of up to R2.2 billion per annum to the South African economy as a result of cyber crime.

Data from Kaspersky shows 82% of surveyed South African companies said they faced cyber incidents in different forms − 11% of which were caused by deliberate malicious behaviour by employees.

The Information Regulator, SA’s data privacy enforcer, is headed by Tlakula and mandated to ensure organisations put in place measures to protect the data privacy of South Africans under the Protection of Personal Information Act.

As of June 2021, it took over the regulatory mandate functions relating to the Promotion of Access to Information Act from the South African Human Rights Commission.

To view the full ITWeb fireside discussion, click here.