LockBit gang takes responsiblity for attack on South African pension fund

The LockBit ransomware gang has taken responsibility for a cyberattack on the South African Government Pensions Administration Agency (GPAA). The attack was executed in February 2024 and led to disruptions in the organization's operations and pension payments. Local news outlets have reported disruptions in pension payments to recipients starting on February 12, and the closure of the organization’s offices from February 16 to February 21, attributed to efforts to prevent unauthorized access to its systems.

The GPAA oversees the funds of the Government Employees Pension Fund (GEPF), which is the largest pension fund in Africa. This fund is responsible for administering the pensions of approximately 1.7 million government employees, pensioners, as well as their spouses and dependents.

Despite initial assurances from the GPAA to the GEPF that no data breach had occurred, the statement was updated following the publication of certain GPAA data by LockBit on March 11th. The new statement reveals that preliminary investigations have discovered compromises in certain GPAA systems.

No details are disclosed about the impact of the attack.

The GPAA is currently investigating the extent of the alleged data breach and its potential impact on the GEPF. The GPAA did not comment on these developments. The GEPF is collaborating with the agency and the South African National Treasury to determine the true extent and impact of the reported data breach and promises to provide further updates in due time.