Damning revelations about South African business database hack
The hackers who breached the Companies and Intellectual Property Commission’s (CIPC) systems provided concerning details about what they found.
Last week, the CIPC said there was a security breach where personal information was unlawfully accessed and exposed.
The CIPC notified South Africans of the security breach and the compromise of the personal information of clients and employees, which was held on the CIPC records.
The commission was forced to inform people about the security compromise because of the Protection of Personal Information Act (POPIA).
The CIPC said its technicians were alerted to the security compromise because of its firewall and data protection systems.
“The compromise was isolated and curtailed, and the relevant systems are back up and available for processing,” it said.
“Unfortunately, certain personal information of our clients and CIPC employees was unlawfully accessed and exposed.”
The CIPC warned its clients to be vigilant and monitor credit card transactions closely. “Only approve and authorise known and valid transaction requests,” it said.
The commission did not immediately say what information about its employees and clients was compromised and exposed.
The hackers claiming responsibility for the CIPC hack told MyBroadband they’ve had access to the agency’s systems since 2021.
The hackers, who act as a ransomware group, said the CIPC’s version of events is completely false.
They said the CIPC has tried to cover up the fact that it was breached almost three years ago and did nothing to address its weak security.
The hackers said they gained unauthorised access using an exploit in a system developed for the CIPC by software development house Sword South Africa.
They added that they gained full access to the CIPC’s entire database, including plain text passwords and credit card information.
They had full access to company registrations and could add or remove directors at will or alter the records in other ways.
The group said the CIPC tried to cover its tracks when they pointed out the basic security holes.
“This incompetence extended to them processing and storing credit cards in the clear,” the hackers said.
The group further revealed that after their initial ransomware attempt in 2021, they moved on when it seemed like the CIPC had cut off their access to its systems.
However, they returned to the CIPC nearly three years later to find it was vulnerable to exactly the same exploit as before.
This time, they also downloaded all of Sword South Africa’s source code for the exploited systems.
“The code is full of ridiculous security holes, and it’s quite clear that these have never been through a security audit,” they said.
The attackers further claimed the CIPC only published its POPIA note after they threatened to go public.
The CIPC declined to comment on the allegations. “Kindly note that the questions you are asking are security related and have a potential to expose CIPC to further risks,” it said.
CIPC chief strategy executive Lungile Dukwana said they are handling the matter with the relevant law enforcement agencies.
“The information provided in the media release is adequate for now and will be updated should there be further developments,” Dukwana said.
MyBroadband also contacted Sword South Africa and various sister companies for comment. It did not respond.