At least 1,200 files, which include the names, banking details and contact details of those who have submitted personal information to the Department of Justice, may have been compromised during a ransomware attack on the department’s IT systems in September.
This is according to the department’s director-general advocate, Doctor Mashabane.
The ransomware attack left all of the department’s information systems encrypted and unavailable, with the department later recovering some functionality on its maintenance payment system.
“Since the breach occurred, the department analysed the nature and extent of the breach, and has found that there might be personal information that has been accessed or acquired by an unauthorised person/institution, whose identity is currently still unknown.
“The consequences of the breach is the selling of the personal information and its use for unlawful purposes,” Mashabane said.
The director-general said that those who may have used the department’s services are requested to:
- Review their financial accounts and bank statements;
- Keep an eye on bank notifications in terms of purchases made and
- Inform law enforcement for any suspected or actual act of identity theft occurs.
Mashabane said the department had introduced measures to prevent a similar attack and strengthen its IT security, including:
- Enhancing access control measures;
- Upgrading of IT defensives measures and
- Upgrading of anti-virus and anti-malware software.
“The department will ensure that [all those who may be affected] are kept up to date with regard to further investigations of the nature of the personal information that was compromised,” Mashabane said.