Five Things You Need to Do After the CIPC Hack

“The Internet is a worldwide platform for sharing information. It is a community of common interests. No country is immune to such global challenges as cybercrime, hacking, and invasion of privacy” – (Lu Wei, the head of the General Office of the Central Leading Group for Internet Security and Informatization from August 2013 to June 2016)

On the 1st of March 2024, the CIPC admitted it had been hacked. The CIPC said in a statement that, “Our ICT technicians were alerted, due to extensive firewall and data protection systems in place at the CIPC, to a possible security compromise and as a result, certain CIPC systems were shut down immediately to mitigate any possible damage.”

While they referred to the incident as “an attempt” to hack their systems, they also added, “Unfortunately, certain personal information of our clients and CIPC employees was unlawfully accessed and exposed.”

A few days later MyBroadband said it had been contacted by the hackers, who allegedly proved they had had access to the site since 2021 and that the CIPC could be understating the damage done. Whether the claims made to MyBroadband are accurate or not, the possibility exists that this hack has leaked private information from many or all of South Africa’s registered businesses and presumably given outside access to company registrations, which potentially allows the hackers to make alterations to core business areas.

Together with a long-standing issue at SARS that periodically sees clients receiving an email or SMS stating, “unauthorised changes were made to your personal details on eFiling”, it is clear that South African businesses need to be aware of the risks of online attacks at key government organisations and more importantly, know what to do about them.

These are the main concerns:

Private information leaked

According to reports, the hackers may have gained access to the private credit card information used to make payments to the CIPC. MyBroadband quotes the alleged hackers as saying the CIPC was “processing and storing credit cards in the clear.” While most banks require access to an app as verification, the exposure of CVVs and expiry dates of cards is a risky proposition. When combined with other information stored on the site, such as the names, addresses and signatures of directors, there is a real risk that company clients and contacts may be open to being scammed through fake profiles or other contacts generated by malicious third parties.

Access to Company registrations

If, as is alleged, hackers have gained unfettered access to the company registrations section and the login details for multiple clients, companies risk potential changes in their core information. Directors can be changed, addresses altered and critically, key documentation can be downloaded.

The latter is of great concern as these documents could allow a fraudster to open bank accounts in a company’s name. After that it becomes simple to contact clients saying that bank account details have changed, and even offer them the proof that they are speaking to legitimate company representatives. From there money could easily be siphoned into these phoney accounts and it may take weeks or even months to uncover.

What should you do?

With every company vulnerable, it’s critical to take a number of steps immediately to mitigate the risk and potential damage.

  1. Check bank accounts and cards
    Monitor your bank account and card transactions even more closely than before for any signs of suspicious activity. If any unusual activity does occur, report the incident to the bank immediately and consider cancelling any bank cards that may have been exposed on the CIPC website and ordering new ones.
  2. Warn your clients
    You may want to consider adding a warning to emails and client correspondence that asks them to treat any notices supposedly from your business of changes to bank account or personal details with caution due to the CIPC hack and SARS login leaks. The warning should carry the caveat that should they receive any bank detail change correspondence they should check with you directly before making alterations to payments.
  3. Change your usernames and passwords
    Change all login details. Assume your current passwords have been compromised and check whether you have used them on other sites as well. Even if this is not the case, it’s wise to change all your important passwords periodically, particularly those for bank accounts or other financial institutions.
  4. Warn your employees
    Alert all employees that any emails, calls or other communication from banks, insurers or fraud divisions should be treated as suspect. Instruct your employees to authenticate communications directly with those departments immediately (using contact details they know to be genuine) rather than give away any information to an unverified person. This is good practice anyway in light of surging cyberfraud generally, but the CIPC hack makes it essential.
  5. Remain vigilant
    We as your accountants are happy to help advise you on how to monitor the credit bureaus and banks to track any illegal accounts which may be opened in your name, and to discover suspicious changes in invoicing and payments. A client who usually pays regularly suddenly stopping is now cause for an immediate follow-up.

Don’t stop being cautious. These sorts of hacks can often come back to haunt a company months after they happen. Assume you will need to be careful for at least a year as the hackers work their way through their haul and try to make the most of it.