CIPC hack: What we know and how to mitigate the risk

The Companies and Intellectual Property Commission of South Africa (CIPC), which falls under the Department of Trade, Industry and Competition and is responsible for maintaining the country’s business and intellectual property registrations, released a statement regarding a data breach which compromised its systems on 29 February 2024. 

11 Mar 2024 | Technology & Communications Alert

At a glance

  • The Companies and Intellectual Property Commission of South Africa (CIPC) released a statement regarding a data breach which compromised its systems on 29 February 2024.
  • It stated that “Unfortunately, certain personal information of our clients and CIPC employees was unlawfully accessed and exposed.”
  • CIPC account holders should take urgent steps to help prevent misuse of their leaked information.

The disclosure was made under section 22 of the Protection of Personal Information Act 4 of 2013, in terms of which the CIPC disclosed a security compromise and indicated that:

“Unfortunately, certain personal information of our clients and CIPC employees was unlawfully accessed and exposed. CIPC clients are urged to be vigilant in monitoring credit card transactions and they must only approve or authorise known and valid transaction requests.”

The statement disclosed that ICT technicians were alerted by “extensive firewall and data protection systems” to a possible security compromise and immediately shut down certain CIPC systems to mitigate any possible damage. The CIPC has indicated that the compromise was isolated and the relevant systems are back up and available for processing.

The hacker group claiming credit for the CIPC attack allegedly contacted the technology site MyBroadband to let it know that the group had used an identical exploit three years ago to breach the same systems and claimed a ransom for this hack to highlight the flaws in the CIPC’s systems, which continue to have cybersecurity loopholes. The CIPC refused to respond to these allegations and has indicated that it will continue to engage with the applicable enforcement agencies.

The CIPC has not clarified the extent of the compromise. While the full extent of the breach is still being investigated, the CIPC is urging its clients to be vigilant in monitoring their credit card transactions and to only approve known and valid transaction requests.

To safeguard your information, it is recommended that all CIPC account holders take the following steps immediately:

  1. Change your CIPC account password, as updating your password can help prevent unauthorised access to your account.
  2. Monitor your banking transactions, keeping a close eye on all transactions on cards that are linked to any CIPC account. If you notice any unauthorised transactions, contact your bank immediately or consider cancelling your bank card to prevent further unauthorised transactions.

For further clarification or advice on risk mitigation, please contact tayyibah.suliman@cdhlegal.com 

Copyright © 2024 Cliffe Dekker Hofmeyr. All rights reserved.