Cyberattack Targets Regulator Database in South Africa

Sensitive data on businesses and individuals in South Africa remains at risk in the wake of a recent cyberattack on the Companies and Intellectual Property Commission (CIPC) agency.

CIPC, which handles registration and intellectual property data on businesses in the nation, has shared little specific information on just what data was exposed in the cyberattack this month. The agency told a South Africa media outlet that the attack compromising personal data on employees and its clients was "isolated" and that it was taking steps to "ensure the CIPC systems and platforms are protected from unlawful and/or unauthorized access and abuse, and remain available to our clients for transacting."

Meanwhile, security experts are raising alarm over the lack of detail on data exposed in the attack and the consequences of the compromise. "The lack of clarity about what kind of data was stolen is a major worry," Richard Frost, head of consulting at Armata, told Biz Community. "Some of this information should never be publicly available, let alone in the hands of hackers."

Personal information about CIPC directors as well as other sensitive data could be abused, he noted. "Every single South African company should be contacting their customers," Frost said. "Highlight the risks, explain preventive measures, and encourage them to verify any suspicious requests."