Ina Opperman

Business Journalist


CIPC says it is not first to be hacked, starts new customer verification process

Companies must change their passwords, be vigilant and review their security measures as protection after the CIPC website was hacked.


The CIPC, where all companies in South Africa are registered, says it is not the first organisation to be hacked and, after website maintenance that took about 17 hours, has introduced a new customer verification process.

The CIPC (Companies and Intellectual Property Commission) is an agency of the Department of Trade, Industry and Competition and keeps all data about companies, co-operatives and intellectual property.

After the news that the CIPC site was hacked and confidential information about companies leaked, a ransomware gang claimed responsibility and told MyBroadband they had access to the agency’s systems since 2021.

The hackers alleged that the CIPC tried to cover up the fact that it was breached almost three years ago and did nothing to address its weak security.

After coming online again, the CIPC says in a notice on its website: “Without detracting from the seriousness of such incident, it is important to mention that the CIPC is not the only organisation that has been subjected to such a breach and there has been a massive increase of cyber-attacks in South Africa and it would seem that as a jurisdiction, we are being targeted.”

A criminal act, CIPC says

“Breaching the security infrastructure of any organisation, institution or agency is nothing more than a criminal act and the perpetrators are criminals that should be portrayed as such. As a result of the criminal nature of the unlawful and illegal breach of the CIPC security systems and protocols, the necessary steps will be taken to ensure that the guilty are held responsible for the crimes committed.”

The CIPC says in the notice that it proceeded to comply with all requirements in terms of the Protection of Personal Information Act by notifying the Information Regulator, the South African Police Service and the State Security Agency of the security compromise as soon as the breach became known.

The agency says it is taking every reasonable step to ensure that the CIPC systems and platforms are protected from unlawful and/or unauthorised access and abuse and remain available for its clients for transacting.

“We will continue to transact and service our clients with efficiency in all areas of our core mandate as we have been and are currently doing. The CIPC has always been aware of the possibility of attacks against its databases and over the years have invested significantly in the best technology to secure the data kept on our registers, despite having the legal obligation to disclose same.”

CIPC operated according to Companies Act

The CIPC also refers to section 187(4)(c) of the Companies Act, which states that it must make the information in its registers available to the public and organs of state efficiently and effectively.

“In terms of our governing legislation, the information contained on the CIPC registers form part of the public domain and can be accessed by any person when the legal and lawful processes are followed.”

According to the notice, criminals are feeling the pressure due to the increased regulatory compliance frameworks in South Africa brought about by the General Laws Amendment Act, and as one of the regulators tasked with enforcing compliance with the legislation, the CIPC is not immune to levels of criminality levelled against it.

“The resultant effect is heightened awareness of security, especially cyber security risks and greater vigilance in terms of the protection of the data the CIPC is custodian of. The CIPC has been and continues to deploy additional security and verification layers on all our transactional platforms and our clients are urged to update and amend all passwords and login information, as an added security measure,” the CIPC says.

It emphasises that the commission, established by the Companies Act, will perform its functions without fear, favour or prejudice and will continue to fulfil its obligations and objectives, even in the face of criminal adversity.

What businesses can do to prevent information misuse

In reaction to the hack, an IT support company executive said in a letter to customers that the critical security breach at the CIPC will have far-reaching and immediate implications.

“The breach involves the unauthorised access to sensitive data, including names, addresses, passwords and ID numbers of directors and individuals associated with finance across all businesses in South Africa,” he writes.

He recommends that companies change their passwords, be vigilant and review their security measures.

“If any of your staff members or directors used the same password for CIPC on other systems or accounts, it is crucial to change those passwords immediately. Hackers are likely to exploit this breach by attempting to access other systems using leaked email addresses and passwords.”

He also says businesses must be vigilant.

“Directors and individuals who had a CIPC account must be aware that they may be targeted by phishing emails or social engineering attempts. It is imperative to remain vigilant and exercise caution when responding to emails or providing sensitive information online or on the phone.”

In addition, he encourages businesses to review their security measures.

“We recommend reviewing and reinforcing your organisation’s cybersecurity measures. This includes implementing multi-factor authentication wherever possible and providing regular cybersecurity awareness training to all employees.”
