By Johnathan Paoli
Statistics SA has confirmed a cybersecurity breach, but insists the incident was limited to a single human resources database, despite claims by hackers that hundreds of thousands of files were stolen.
“Stats SA is aware of a cybersecurity breach affecting one Human Resources database. The system that was breached is exclusively the HR system available for job seekers to apply online. The hacker group is called XP95,” Acting DDG for Statistical Support and Informatics, Semakaleng Thulare confirmed on Monday.
ALSO READ: WATCH: Who is Mike van Wyk, a name MPs, Mkhwanazi and others keep repeating
The confirmation follows cybercrime group XP95 claiming responsibility for the attack, alleging it extracted more than 453,000 files totalling 154GB of data from a Stats SA server.
Stats SA, however, maintained that the breach did not extend to its core statistical systems, which house sensitive national datasets.
The agency confirmed it would follow legal procedures in responding to the breach and would notify the information regulator.
The attack marks the second major breach of a government entity in March, raising concerns about the vulnerability of public sector systems to increasingly sophisticated cyber threats.
ALSO READ: SA’s investment prospects buoyed by economic recovery – Ramaphosa
XP95 has reportedly demanded a ransom of about R1.7 million in exchange for not releasing the data publicly, setting a deadline of 20 April.
It previously claimed responsibility for a major ransomware attack on the Gauteng provincial government, allegedly stealing 3.8 terabytes of data comprising over 3.6 million files, while releasing a 1.8GB sample online containing sensitive personal information such as ID documents, passports, and CVs.
The group, which only emerged earlier this month, has quickly drawn attention for its unusual branding and tactics.
Its dark web leak site mimics older Microsoft Windows interfaces, combining elements of Windows XP and Windows 95, a design choice that inspired its name.
ALSO READ: ANC Eastern Cape turns to damage control after conference collapse
Stats SA is a critical institution in the country’s governance framework, responsible for producing official data used in policymaking, including census results, inflation figures, employment statistics, and economic indicators.
Recent reports indicate a sharp rise in cyber extortion globally, with attacks becoming more frequent and more sophisticated.
The use of artificial intelligence tools by cybercriminals has further accelerated this trend, enabling more convincing phishing campaigns and faster exploitation of system vulnerabilities.
For now, Stats SA has sought to reassure the public that its core statistical infrastructure remains intact, while government cybersecurity teams continue to assess the full scope of the breach and prepare mitigation measures ahead of the hackers’ deadline.
“Our technical team, in collaboration with other key stakeholders in the areas of cyber security, is busy with an assessment of our ICT infrastructure and application of additional measures to fully secure the affected areas,” Thulare said.