The Department of Justice’s Director-General Advocate, Doctor Mashabane said “at least 1,200 files” containing personal information may have been leaked.
The files were likely compromised during a ransomware attack on the department’s IT systems back in September.
Here’s what you need to know.
Justice Department hack
Personal information leaked
The leaked data includes the names, banking details and contact details of those who have submitted personal information to the Department of Justice.
The ransomware attack took the department’s information systems offline, with the department later recovering some functionality on its payment system.
Mashabane said the department analysed the extent of the breach and found there “might be personal information that has been accessed by an unauthorised person or institution”.
“The consequences of the breach is the selling of the personal information and its use for unlawful purposes,” Mashabane said.
Court proceedings not affected
Back in September, the department said court proceedings were not affected by the attack, thanks to the manual system introduced to ensure proceedings are not compromised.
“The department’s IT team, working closely with IT coordinators and directors for court operations at the regional offices, has introduced standard operating procedures for manually operating the court recording technology [CRT] systems to ensure that the safety of the court records is guaranteed.”
“All courts are expected to operate normally without any challenges related to the CRT systems,” the department said.
The Department of Justice and Constitutional Development also rebuffed rumours that hackers demanded a R33 million ransom, following a ransomware attack earlier this month.
What to do now?
The Director-General said that those who may have used the department’s services are requested to:
- Review their financial accounts and bank statements,
- Keep an eye on bank notifications in terms of purchases made, and
- Inform law enforcement for any suspected or actual act of identity theft occurs.
Mashabane said the department had introduced measures to prevent a similar attack and strengthen its IT security, including:
- Enhancing access control measures,
- Upgrading of IT defensives measures, and
- Upgrading of anti-virus and anti-malware software.
“The department will ensure that [all those who may be affected] are kept up to date with regard to further investigations of the nature of the personal information that was compromised,” Mashabane said.