GEPF concerned about pension fund data leak in ransomware attack

The Government Employees Pension Fund (GEPF) said on Tuesday it was concerned that data purportedly from its administrator, the Government Pensions Administration Agency (GPAA), has been released by ransomware group LockBit. 

“The GEPF is extremely concerned with this alleged security breach, as it was informed by GPAA that no data breach had occurred when it was notified of an attempt to gain access to GPAA systems by unknown individuals on February 16 2024,” said GEPF, the defined benefit fund which manages pensions and related benefits on behalf of government employees in South Africa. 

The fund said GPAA subsequently established that this was an attempt by LockBit, a notorious cybercrime gang that holds its victims' data to ransom. 

“[On Tuesday] morning, March 12 2024, after the release of certain GPAA data by LockBit on 11 March 2024, the GEPF has been informed by GPAA that preliminary investigations has found that the certain GPAA systems were compromised.”

The GPAA was investigating the alleged data breach and whether it affected the GEPF. 

The fund said GPAA had confirmed that preventive action was taken when it became aware of the attempted access to its systems.  The action included “shutting down” all systems to isolate affected areas. GPAA said pension payments were not affected. 

“The GEPF is engaging with the GPAA and its oversight authority, the National Treasury, to establish the veracity and impact of the reported data breach.”

The GEPF's clients are the about 1.265-million active members from more than 325 government departments and about 473,312 pensioners and other beneficiaries. 

TimesLIVE