South Africa’s Justice Department Suspends Third-Party Payments after Attempted Cyberattack
- The Department of Justice suspended third-party payments, including child maintenance, after unknown attackers tried to break into its system.
- People who require immediate child maintenance can approach their nearest court and get paid manually.
- There has been a recent increase in the number of cyber attacks among South African organizations. The country's watchdog has been receiving 150 breach notifications a month.
South Africa's Department of Justice and Constitutional Development (DJ&CD) has been hit by a cyberattack.
The news came in just a couple of days ago (May 24) through a statement released by the department, which revealed that third-party payments, including child maintenance, have been temporarily suspended after unknown miscreants tried to sabotage the system.Those who require immediate child maintenance have been asked to go the traditional way-visit their nearest courts with original documents to get paid manually until the system is back up.
What Is the Justice Department Doing Now?A forensic team has been hired to investigate the matter. However, nothing has been discovered about the attack at the time of writing.
The department has also assured that necessary steps have been taken to secure the system and reduce the chances of a repeat attack in the future.
We sincerely apologize to all beneficiaries for any inconvenience caused and deeply appreciate the patience and understanding during this period." - Justice Department
2021's Attack on SA's Justice DepartmentThis isn't the first time the justice department has been under siege. Back in 2021, the department was hit by a ransomware strike, which led to the encryption of all information systems. Such unknown encryption made these systems unavailable to both internal employees as well as the public.
Many services offered by the department, such as bail services, letters of authority, email, and even its website, were compromised and at least 1,200 files were leaked. These files contained the personal details and banking information of people who had submitted their data to the department.
The worst part of the 2021 attack is that it wasn't confined. It spread to the office of the Information Regulator. As a result of this, the department's IT system and email were down, while its website was unavailable for three long days.
What Happened Next?The attack had severe consequences for the department. The Information Regulator slapped a massive R5 million fine (around $271,452) for violating South Africa's data privacy law, the Protection of Personal Information Act (POPIA).
Plus, an enforcement notice was issued against the justice department, which required it to submit proof within 31 days that all the necessary licenses (the SIEM license, the trend antivirus license, and the intrusion detection system license) had been renewed on time.
These licenses are necessary to protect the department against security issues. Hence, disciplinary action was also issued against the officials who were responsible for issuing these licenses, but they failed to do so.
Even back then, the justice department had promised to amp up security. It said that a portion of its 2022/2023 budget will be used to strengthen the department's cyber security so that an attack like this doesn't happen again.
However, as we can see now, a similar attack has happened, and the department's payment system has been disrupted once again. Does this hint at corruption within the system? Or is it plain and simple ignorance of the importance of cybersecurity?
South African Organizations Ruffled with CyberattacksBefore we put the entire blame on the justice department for its lack of security, it's important to note that this has been a trend in South Africa for a while now, i.e., a lot of South African organizations have recently been victims of cyberattacks.
For example, just last month the International Trade Administration Commission of South Africa was hit by a cyberattack. Similarly, the Government Employees Pension Fund, which has more than 1.2 million active members, was also compromised in an attack.The reason behind the sudden rise in cyberattacks on South African government organizations is unknown. However, according to Information Regulator chairperson advocate Pansy Tlakula, the watchdog has been receiving more than 150 breach notifications a month.
The post South Africa's Justice Department Suspends Third-Party Payments after Attempted Cyberattack appeared first on The Tech Report.