University of Mpumalanga thwarts R100m hack attempt

Read time 2min 40sec

The University of Mpumalanga (UMP) says it foiled attempts to hack into its bank accounts that could have cost the institution of higher learning R100 million.

The university announced in a statement at the weekend that the incident was averted and the institution only lost R3 000 out of R100 million, saying this was “as a result of robust cyber security preventative measures the university has put in place”.

Professor David Mabunda, UMP chairperson of council, comments: “As a council, we would like to appreciate the incredible work that was done by the university management to avert what would have been an extremely unfortunate loss.

“Cyber attacks are a moving target, given that as much as e-commerce has its own advantages, it also poses a risk from criminal networks who are continuously using sophisticated methods to execute their nefarious activities.

“We have a responsibility to constantly improve and review our cyber security preventative measures as part of good governance and globally-competitive management practices.”

The UMP council expressed concern about the increase in cyber attacks on individuals, public and private entities in SA.

The attempted hack on UMP is the latest in a series of recent attacks targeting local entities.

In July, Transnet suffered a “disruption” of its IT systems, which saw the rail, port and pipeline company’s operations coming to a standstill. This was widely believed to be a ransomware attack.

Last month alone, a number of government entities fell victim, including the South African National Space Agency (SANSA) and justice department.

SANSA reported on 6 September that a file consisting of critical information was dumped in the public domain.

This was followed by a ransomware attack on the Department of Justice and Constitutional Development.

According to the department, its IT systems were compromised following a security breach. At the time it said: “This has led to all information systems being encrypted and unavailable to internal employees, as well as members of the public. As a result, all electronic services provided by the department are affected, including the issuing of letters of authority, bail services, e-mail and the departmental website.”

The attack on the justice department had a ripple effect, spilling over to the office of the Information Regulator, disrupting the watchdog’s IT systems.

SA’s private institutions have also been hit, with Debt-IN Consultants reporting a ransomware attack, saying it is suspected that consumer and personal information of more than 1.4 million South Africans was illegally accessed from its servers in April.

CEO Mark Essey said: “Debt-IN deeply regrets this cyber attack, and we apologise unreservedly for the inconvenience and anxiety the data breach has caused our clients and their customers.

“We are taking this matter very seriously. In this age of highly-sophisticated information security threats and an estimated 17 billion cyber attacks around the world every day, Debt-IN is committed to doing all it can to protect clients’ information.”

See also