Subscribe
About

SA’s trade regulator ITAC hit by cyber attack

Admire Moyo
By Admire Moyo, ITWeb news editor.
Johannesburg, 16 Apr 2024
The ITAC attack comes as more South African organisations, especially government entities, are targeted by cyber criminals.
The ITAC attack comes as more South African organisations, especially government entities, are targeted by cyber criminals.

The International Trade Administration Commission of South Africa (ITAC) has become the latest government entity to fall victim to a cyber attack.

According to the organisation, the attack happened in January, leading to the exposure of the personal information of stakeholders.

ITAC is an institution dedicated to promoting fair trade in South Africa in order to enhance economic growth and development. The site includes trade and tariff services as well as import and export control services.

In a social media post, Ayabonga Cawe, chief commissioner at ITAC, says: “We would like to take this opportunity to notify our stakeholders of a security compromise experienced by the trade regulator, ITAC.

“Cyber intrusions of this sort are, unfortunately, an increasingly challenging part of the terrain and environment within which we operate. We remain committed to improving the security environment of ITAC to ensure the personal information of our stakeholders remains secure and we continue working with the Information Regulator in this regard.”

The ITAC website with the breach notification was not responsive at the time of publishing.

News24 reports that in a statement on Monday, the trading regulatory body said the security breach, which occurred on 2 January this year, had locked employees out of its system and encrypted files.

It adds that an unknown perpetrator had subsequently demanded a ransom payment to restore the system.

Following the attack, the report says the IT system had been shut down while security measures, such as firewalls, had been updated.

South African organisations, especially government entities, are increasingly being targeted by cyber criminals.

Last month, the Companies and Intellectual Property Commission (CIPC) reported an “attempted security breach” that exposed the personal information of employees and clients.

The CIPC is an agency of the Department of Trade, Industry and Competition in South Africa. It is responsible for the registration of companies, co-operatives and intellectual property rights (trademarks, patents, designs and copyright) and maintenance thereof.

The Government Employees Pension Fund – Africa’s largest pension fund with more than 1.2 million active members, in excess of 450 000 pensioners and beneficiaries, and assets worth more than R1.61 trillion – was also recently targeted by cyber criminals.

Information Regulator chairperson advocate Pansy Tlakula recently revealed “it is open season for security compromises” in South Africa, with the entity receiving more than 150 data breach notifications a month.

The Information Regulator, headed by Tlakula, is mandated to ensure organisations put in place measures to protect the data privacy of South Africans in terms of the Protection of Personal Information Act (POPIA).

Under POPIA, organisations must inform the Information Regulator if they expose the personal information of data subjects to unauthorised third-parties without their approval.

The Act sets down firm frameworks that companies have to abide by to avoid fines, criminal prosecution and potential reputation loss. Perpetrators can face fines of up to R10 million or 10 years of imprisonment, depending on the seriousness of the breach.

Share