CIPC says it is not the first entity to be hacked
The Companies and Intellectual Property Commission (CIPC), where all companies in South Africa are registered, says it is not the first organisation to be hacked. And after website maintenance that took about 17 hours, it has introduced a new customer verification process.
The CIPC is an agency of the department of trade, industry and competition and keeps all data about companies, cooperatives and intellectual property.
After the news that the CIPC site was hacked and confidential information about companies leaked, a ransomware gang claimed responsibility and told MyBroadband it’s had access to the agency’s systems since 2021.
The hackers alleged that the CIPC tried to cover up the fact that it was breached almost three years ago and did nothing to address its weak security.
After coming online again, the CIPC said in a notice on its website: “Without detracting from the seriousness of such incident, it is important to mention that the CIPC is not the only organisation that has been subjected to such a breach – there has been a massive increase of cyberattacks in South Africa and it would seem that as a jurisdiction, we are being targeted.
“Breaching the security infrastructure of any organisation, institution or agency is nothing more than a criminal act and the perpetrators are criminals who should be portrayed as such. As a result of the criminal nature of the unlawful and illegal breach of the CIPC security systems and protocols, the necessary steps will be taken to ensure that the guilty are held responsible for the crimes committed.”
The CIPC says it proceeded to comply with all requirements in terms of the Protection of Personal Information Act by notifying the Information Regulator, the South African Police Service and the State Security Agency of the security compromise as soon as the breach became known.
It adds it is taking every reasonable step to ensure that CIPC systems and platforms are protected from unlawful and/or unauthorised access and abuse.