GEPF data breach: Second time lucky for the hackers?

Data released by ransomware group LockBit – allegedly through the Government Pensions Administration Agency (GPAA) – has the Government Employees Pension Fund (GEPF) “extremely concerned”.

The fund acknowledged the incident in a statement on Tuesday.

It said that following the release of “certain GPAA data” by LockBit on Monday (11 March), it was informed by the GPAA on Tuesday morning that preliminary investigations found that “certain GPAA systems were compromised”.

Prior warning?

The pensions administration agency had been alerted to an attempt by unidentified individuals to access its systems on 16 February – and assured the fund that no data breach had taken place on that occasion.

A subsequent investigation by the agency revealed the February attempt to be linked to LockBit.

The fund said in its statement the GPAA is investigating the current alleged data breach and whether it “impacts the GEPF”.

It said the GPAA has “reconfirmed that preventative action was taken when it became aware of the attempted access to its systems” – which included “shutting down” all systems to isolate the affected areas.

The fund said in its statement the GPAA “further confirmed that pension payments are not affected”.

Tempting target?

The GEPF is Africa’s largest pension fund and is responsible for managing the retirement savings of approximately 1.27 million public servants and more than 473 000 pensioners and beneficiaries.

The fund said it is in discussions with the GPAA and its oversight authority, National Treasury, to ascertain the veracity and implications of the reported data breach.

“Until the facts have been adequately established, the GEPF is unable to comment further on the matter,” it added.