A cyber attack on the Department of Justice and Constitutional Development’s (DOJ&CD’s) IT systems has spilled over to the office of the Information Regulator (IR), disrupting the watchdog’s IT systems.
Last week, the justice department battled to contain a ransomware attack on its IT systems, following a security breach that led to all of the department’s information systems being encrypted and unavailable to internal employees, as well as members of the public.
As a result, all electronic services provided by the department were affected at the time, including the issuing of letters of authority, bail services, e-mail and the departmental website.
In a statement, the IR notes that even more concerning is that the security breach did not only interrupt the DOJ&CD’s IT systems, but also impacted on the work of the IR, which relies on the DOJ&CD’s IT systems for its own operations.
The IR, which is overseen by theDOJ&CD, was established in December 2016, with the aim to, among others, monitor and enforce compliance by public and private bodies with the provisions of the Promotion of Access to Information Act and the Protection of Personal Information Act (POPIA).
“As a result of this DOJ&CD security breach, the regulator’s website was temporarily unavailable for three days, and the e-mail system went offline and remains unavailable,” notes the statement.
“The regulator has written to DOJ&CD to remind them of their obligations in terms of Section 22 of the Protection of Personal Information Act, which requires responsible parties to notify the regulator and the data subject where reasonable grounds exist and the personal information of a data subject has been accessed or acquired unlawfully.”
The IR notes with concern that it had only learned about the incident via media reports and an official public statement from the DOJ&CD. One of the matters which the IR has sought details on from the department is the impact of the security breach on its information systems and those of its stakeholders, which have not yet been provided.
While all electronic services provided by the regulator have been affected, including e-mails, applications, complaints and the website, the watchdog has assured stakeholders that IT teams are working around the clock to restore services as soon as possible.
Advocate Pansy Tlakula, chairperson of the IR, says: “It is very unfortunate that this breach has occurred. As the regulator, we are concerned about the high number of security breaches in SA.
“In August alone, 38 responsible parties suffered, and reported, security breaches. Responsible parties are reminded of their obligation under POPIA to secure the integrity and confidentiality of personal information of data subjects by taking appropriate, reasonable, technical and organisational measures to prevent unlawful access to, or processing of, personal information. It is our role to ensure personal information is processed safely and securely. Failure to do so has legal consequences.”
Payments in limbo
Meanwhile, in a statement released yesterday, the DOJ&CD notes: “The DOJ&CD would like to inform beneficiaries of child maintenance that payments will be delayed due to departmental systems, including MojaPay, not being currently accessible.
“MojaPay is the system the department utilises to administrate maintenance payments. While the department is not able to determine the exact date when the required systems will be restored, the department will ensure all child maintenance money is kept secure for payment to the rightful beneficiaries when the systems are back online.”
However, the department points out the current system challenges do not affect the receipt of child maintenance money from the maintenance-paying parent, or employers who deduct these funds from the paying parent’s salary. The monthly child maintenance deductions will go ahead as scheduled.
ITWeb reported last week that local government entities are increasingly falling victim to cyber attacks, after the South African National Space Agency was also targeted.
Another state-owned company, Transnet, revealed in July that it had suffered a “disruption” of its IT systems, in what is widely believed to be a ransomware attack. It saw the rail, port and pipeline company’s operations coming to a standstill.