CIPC restores IT systems after data breach, but security concerns linger

The Companies and Intellectual Property Commission (CIPC) has restored its core IT systems to full functionality, but the question remains whether the security vulnerabilities have been fixed.

On Wednesday, the CIPC shut down its core IT systems for 17 hours to do urgent maintenance on its website. The site was up and running again from 07:00 on Thursday, with a new customer verification process for South African ID and foreign passport holders.

ALSO READ: CIPC hacked, companies’ personal information ‘compromised’

This comes after the commission suffered a data breach last week that compromised the personal details of CIPC clients and employees. A ransomware gang claimed responsibility for the attack, but the CIPC has yet to confirm or deny this.

“By the looks of it, the CIPC managed to get their systems up and running without having to pay a ransom, which is a good thing, but the system has the same security shortcomings,” says Jan Vermeulen, editor of MyBroadband.

First hack in 2021

Hackers who allege they carried out the cyber attack contacted Vermeulen and told him they infiltrated the CIPC’s database for the first time in 2021.

They claim the CIPC is covering up the true extent of the security breach.

According to Vermeulen, the hackers showed him a post on Pastebin, a site where text can be stored online, where the date of the hack was displayed as 2021. This serves as proof of the claim that they first gained access to the CIPC’s systems three years ago.

ALSO READ: Dis-Chem facing R10 million fine after client data breach

“The data they showed me had CIPC clients’ login details, their passwords, ID numbers ­– all their profile information,” says Vermeulen.

The hackers allege they infected the CIPC’s systems with ransomware at the time, but their access had then been cut off. Three years later, they found they could still get into the CIPC’s systems using the same weaknesses they had exploited in 2021, according to Vermeulen.

CIPC mum on previous breach

The CIPC did not want to confirm or deny the assertion that its systems had been breached before last week’s incident. Lungile Dukwana, spokesperson at the CIPC, says the issues are “security-related” and that divulging more information has the potential to expose the CIPC to more risks, as the matter is “criminal in nature”.

The CIPC put up a notice on its website in which it points out that it is not the “only organisation” that has been subjected to a security breach. “[T]here has been a massive increase of cyberattacks within South Africa and it would seem that as a jurisdiction we are being targeted.”

Vermeulen says the CIPC shouldn’t be victim-blamed for the cyber attack, but neither should it make excuses for its security systems being incredibly weak in the first place.

Nomzamo Zondi, media liaison officer at the Information Regulator, the authority that deals with issues such as security breaches, says a total of 224 security breaches have been reported so far this year, of which four were at public institutions, including the CIPC.

ALSO READ: How far is South Africa with getting off the greylist?

The Information Regulator is still considering the CIPC’s responses about its recent security breach to determine the course of action.

This article was republished from Moneyweb. Read the original here