- This topic is empty.
Viewing 1 post (of 1 total)
-
Posts
-
Information regulator chair Pansy Tlakula confirmed in anĀ interviewĀ with the Sunday Times that neither the Department of Defence nor the State Security Agency (SSA) informed the regulator of alleged data breaches.
She added that, as a result, both parties have been sent information notices regarding the breaches.
āI donāt want to reference State Security or Defence because we are still investigating, but in general terms, to defy the regulator is a criminal offence,ā said Tlakula.
āSo apart from investigating the adequacy of the security measures, weāll also investigate, even if they have informed us, if the notification was in compliance with our law.ā
The alleged State Security data breach refers to an article fromĀ the Sunday WorldĀ at the beginning of October. The report blind-quoted an anonymous āoperativeā claiming they suspect American or Russian intelligence of the hack.
The source reportedly said they also couldnāt rule out āinternal forcesā as South Africaās political situation is currently āvery volatileā.
The Department of Defence previously claimed that reports of a data breach were āfake news,ā but quickly retracted these statements to investigate the matter further.
It later againĀ denied its network was hacked, saying the incident was the work of ācriminal syndicates within the cyberspaceā aided by information leaked from the department.
When asked about reports that both parties tried to cover up data breaches, Tlakula said she preferred not to answer as she would rather wait for information from the investigations before making presumptive comments.
Pansy Tlakula, Chair of the Information Regulator of South AfricaHowever, she did note that it is concerning that the information relating to major state entity breaches mostly comes from the media.
State entities have a legal obligation to report any breaches to the regulator ā so the fact that they are not doing so until the media reports on the incidents is problematic.
Thankfully, said Tlaluka, the information regulator has a lot of āmuscleā when it comes to monitoring government bodies.
āOur assessment report is equivalent to an enforcement notice, which means it has to be complied with. If a body doesnāt comply, we issue an infringement notice.ā
She added that these infringement notices can result in fines or criminal proceedings.
āItās just that the route to the infringement notice is quite long,ā said Tlaluka.
Updates on investigations
Last month,Ā the information regulator saidĀ it was close to revealing the outcome of its investigation into the TransUnion data breach of 2022.
This breach involved the bureau falling victim toĀ the hacking group N4ugthySecTU.
According to TransUnion, āat least 3 million South African customersā details were impacted.
The regulator also noted that investigating the Experian breach of 2020 could take longer.
The incident is believed to have exposed up to 24 million South Africansā details, and the details of nearly 794,000 businesses.
Convicted fraudster Karabo Phungula obtained the dataset under false pretences and wanted to sell the data for R4 million.
Phungula allegedly stole the identity document of a businessman who had access to the Experian database, and used this to extract the information.
Phungula has been sentenced to 15 years in prison.
source:Department of Defence and State Security in the crosshair (mybroadband.co.za)
Viewing 1 post (of 1 total)
- You must be logged in to reply to this topic.