CYBER ATTACKS: A history of hacks show data breaches are ‘taken too lightly in SA’

The Citizen’s investigations have revealed serious vulnerabilities in government’s online systems, with an expert warning that a major breach could bring the country down in three days, but cybercrime and data breaches are nothing new in South Africa.

In recent years there have been several attacks logged across varied industries and government institutions.

In October 2021, hackers burrowed into the City of Joburg’s network infrastructure and demanded a ransom of R500 000, while around the same time, distributed denial-of-service (DDOS) attacks targeted major banks.

A DDOS attack occurs when hackers overwhelm a target’s IT infrastructure with digital traffic. The end game is usually to disrupt normal operations like making websites or online services of an institution very slow, inaccessible or crash, eventually going offline.

Other attacks included the Western Cape parliament’s IT systems being brought down and cross-border immigration service Sable International shutting down its servers and portals after a sophisticated data breach this year.

ALSO READ: Govt can’t keep you safe: IT vulnerabilities could collapse SA in 3 days

Hundreds of millions stolen

Then there’s the R300 million or so stolen over the past decade from the department of public works. The most recent theft was in May 2024 when long-fingered hackers help themselves to R24 million of taxpayer’s money.

In March, the LockBit ransomware gang claimed to have stolen and leaked 668 gigs of data from the Government Pensions Administration Agency.

The department of justice and constitutional development suffered a ransomware attack in September 2021, potentially compromising over 1 200 confidential files.

July 2021 saw Transnet’s IT systems sucker-punched by a cyberattack, and the Office of the Chief Justice has also fallen victim to a ransomware attack.

Earlier this year, the information regulator revealed it received more than 150 reports of major data breaches filed every month.

ALSO READ: Laboratory operations fully restored 2 months after cyberattack

Hacking must be taken more seriously – expert

Yet data breaches are taken too lightly in South Africa. Both by authorities and institutions, said cybersecurity operation Scarybyte chief executive Karim Jaber.

He cited the 2022 TransUnion data breach and ransom, long forgotten in the news cycle, but not on the dark web.

“The data remains freely available for purchase on the dark web,” he said.

“The scary part is that all this data is valid across generations. Hackers can sell this data for several years because ID numbers don’t change immediately, if at all.”

This data can be sold to anyone, from unscrupulous marketers to criminal syndicates.

According to a white hat hacker, there are several other private records for sale on the dark web, including medical records of South Africans.

ALSO READ: Data breaches cost SA organisations over R360m in 3 years