“The Internet is a worldwide platform for sharing information. It is a community of common interests. No country is immune to such global challenges as cybercrime, hacking, and invasion of privacy” – (Lu Wei, the head of the General Office of the Central Leading Group for Internet Security and Informatization from August 2013 to June 2016)
On the 1st of March 2024, the CIPC admitted it had been hacked. The CIPC said in a statement that, “Our ICT technicians were alerted, due to extensive firewall and data protection systems in place at the CIPC, to a possible security compromise and as a result, certain CIPC systems were shut down immediately to mitigate any possible damage.”
While they referred to the incident as “an attempt” to hack their systems, they also added, “Unfortunately, certain personal information of our clients and CIPC employees was unlawfully accessed and exposed.”
A few days later MyBroadband.co.za said they had been contacted by the hackers, who allegedly proved they had had access to the site since 2021, and that the CIPC could be understating the damage done. Whether or not the claims made to MyBroadband are accurate, it is possible that this hack has leaked private information from many or all of South Africa’s registered businesses and presumably given outside access to company registrations, which potentially allows the hackers to make alterations to core business areas.
Together with a long-standing issue at SARS that periodically sees clients receiving an email or SMS stating, “unauthorised changes were made to your personal details on eFiling”, it is clear that South African businesses need to be aware of the risks of online attacks at key government organisations and, more importantly, know what to do about them.
These are the main concerns:
According to reports, the hackers may have gained access to the private credit card information used to make payments to the CIPC. MyBroadband quotes the alleged hackers as saying the CIPC was “processing and storing credit cards in the clear.” While most banks require access to an app as verification, the exposure of CVVs and expiry dates of cards is a risky proposition. When combined with other information stored on the site, such as the names, addresses and signatures of directors, there is a real risk that company clients and contacts may be open to being scammed through fake profiles or other contacts generated by malicious third parties.
If, as is alleged, hackers have gained unfettered access to the company registrations section and the login details for multiple clients, companies risk potential changes in their core information. Directors can be changed, addresses altered and critically, key documentation can be downloaded.
The latter is of great concern as these documents could allow a fraudster to open bank accounts in a company’s name. After that it becomes simple to contact clients saying that bank account details have changed, and even offer them the proof that they are speaking to legitimate company representatives. From there money could easily be siphoned into these phoney accounts and it may take weeks or even months to uncover.
With every company vulnerable, it’s critical to take a number of steps immediately to mitigate the risk and potential damage.
Don’t stop being cautious. These sorts of hacks can often come back to haunt a company months after they happen. Assume you will need to be careful for at least a year as the hackers work their way through their haul and try to make the most of it.
Disclaimer: The information provided herein should not be used or relied on as professional advice. No liability can be accepted for any errors or omissions nor for any loss or damage arising from reliance upon any information herein. Always contact your professional adviser for specific and detailed advice.
© CA(SA)DotNews