Justice department fined R5m for laxness after hack attack

The Information Regulator has fined the department of justice and constitutional development R5m.

This is for failing to comply with an enforcement notice issued in May after the department was found to have contravened sections of the Protection of Personal Information Act (Popia).

The department had been instructed to submit proof to the regulator within 31 days that its Trend Anti-Virus licence, SIEM licence and Intrusion Detection System licence have been renewed. It also required the department to institute disciplinary proceedings against the official/s who failed to renew the licences, which are necessary to safeguard the department against breaches in security.

In September 2021 the department suffered a cybercrime breach effected through ransomware. All its information systems were encrypted. This affected court operations, maintenance payments and the functioning of the Master’s Office, where deceased estates are processed. In 2020, hackers also accessed the Guardian’s Fund and stole R10m.

TimesLIVE reported in June that cyber thieves had breached the department of justice systems for the third time in as many years, making off with R18m from the Guardian’s Fund in KwaZulu-Natal and Free State.

TimesLIVE

Support independent journalism by subscribing to the Sunday Times. Just R20 for the first month.