Cape Town - Participants in Western Cape Provincial Parliament (WCPP) events, media representatives, members of the Cape Town consular corps, job applicants and service providers have been advised to exercise vigilance in respect of their personal information following a WCPP cyber attack.
The WCPP on Wednesday published a notice in accordance with Section 22 of the Protection of Personal Information Act, 2013 (Act 4 Of 2013), of a data breach.
On May 23 the WCPP network and information and communications technology (ICT) systems were compromised by a malicious attack which was reported to police and the State Security Agency.
“While progress has been made in restoring the Provincial Parliament’s ICT infrastructure, the forensic auditors contracted by the Provincial Parliament have advised that a worst-case scenario assumption should be adopted in respect of whether its data has been compromised by the cyberatack.
To this end, the WCPP is proceeding on the assumption that some or all of its data has or may have been leaked.
“This also applies to personal information, such as names, email addresses, telephone and cellphone numbers, identity numbers, bank account information, and financial statements, held by the WCPP. This creates a heightened risk for the abuse of personal information,” the notice reads.
WCPP stakeholders, including participants in WCPP events, media representatives, members of the Cape Town consular corps, job applicants and service providers, are advised to exercise vigilance in respect of their personal information.
“Unfortunately, we do not know what or whose personal information may have been breached. We understand that any access of personal information is concerning and we therefore encourage all our stakeholders to follow practical advice and to be extra vigilant.
“The WCPP is working tirelessly to address the security concerns caused by the cyber attack and to reduce any risks to our stakeholders.”
Cyber security analyst and research psychologist Dr Kyle Bester said government systems were increasingly coming under attack due to the value of the data housed.
“This comes in the form of personal information and data on operational and strategic functions.
“In this technological age, ‘data’ is a hot commodity as this can be sold on the Dark Web, specifically sensitive information about employee data,” Bester said.
“What we see in SA is that we are continuously being targeted by phishing emails. Thus not only exploiting the technical element, but also the human psychology as well.
“The systems can be strengthened through updating your ICT capability and developing the cyber security awareness of employees.
However, no system is impenetrable from cyber threat actors.”
He said government agencies may not necessarily have the best cyber security infrastructure due to budgetary constraints, leading to more sophisticated attacks on weakened systems.
“In SA there should be greater emphasis on government and private sector collaboration. We also need to update our existing policies and guidelines and speed up their development as cyber attacks are becoming more sophisticated. It is vital for continuous improvement so that we can immediately detect threats.”
Cape Times