Avatar photo

Compiled by Nicholas Zaal

Digital Journalist


Government Pensions Administration Agency hacked – payments unaffected

While no pension payments seem to have been affected, the GPAA shut down all its systems to isolate affected areas.


The Government Employees Pension Fund (GEPF) has said it is extremely concerned after the data of its administrator was hacked and released publicly by the ransomware group LockBit.

The GEPF was initially informed by its administrator, the Government Pensions Administration Agency (GPAA), that no data breach had occurred after an attempt to gain access to the GPAA systems by unknown individuals on 16 February 2024.

The GPAA later established that this was an attempt by the ransomware group LockBit.

ALSO READ: Pension fund dilemma: SA grapples with rule changes amid legislative lag

How it unfolded

“This morning, 12 March 2024, following the release of certain GPAA data by LockBit on 11 March 2024, the GEPF has been informed by GPAA that preliminary investigations has found that certain GPAA systems were compromised,” the fund’s spokesperson Matau Molapo revealed.

“The GPAA is investigating the alleged data breach and whether this impacts the GEPF.

“GPAA has reconfirmed that preventative action was taken when it became aware of the attempted access to its systems, which included ‘shutting down’ all systems to isolate affected areas. GPAA further confirmed that pension payments are not affected.”

Molapo said the fund is engaging with the GPAA and the administrator’s oversight authority, the National Treasury, to establish the veracity and impact of the data breach.

It said it would provide an update on the matter “in due course”.

“Until the facts have been adequately established, the GEPF is unable to comment further on the matter.”

ALSO READ: CIPC restores IT systems after data breach, but security concerns linger

Systems offline

In February, the GEPF notified its members, pensioners, and stakeholders about the system shutdown via an official statement.

The GPAA systems were offline, rendering regional offices, call centres, and other service points inaccessible to clients seeking assistance with pension administration queries.

Despite this setback, the GEPF assured its clients that their benefits were secure and unaffected by the system failure.

ALSO READ: Security breach: GEPF systems offline as agency scrambles to safeguard information

Read more on these topics

hacking pension pension fund pensioners