South Africa government agency shuts down systems, tries to deny data breach

The Companies and Intellectual Property Commission (CIPC) apparently  experienced a significant data breach last week, compromising sensitive customer and employee data.

The Companies and Intellectual Property Commission (CIPC) is a government agency in South Africa responsible for the registration of companies, cooperatives, and intellectual property rights. It operates under the Department of Trade, Industry, and Competition.

The CIPC has performed an emergency system shutdown overnight from 2pm on Wednesday, 6 March, to 8am on Thursday, 7 March, affecting online and call centre services, as well as service centres in Cape Town, Johannesburg, Pretoria, and Durban.

CIPC claims that the action was not due to the breach, instead claiming "routine maintenance". This event coincided with an enforcemed for users to reset their passwords and implement multifactor authentication, which indicates data breach that has compromised credentials.

Cybersecurity company NEC XON discovered that 140 credentials related to the CIPC hack were being sold on the dark web as of Wednesday morning, 6th of March. The breach has been linked to a hacker group employing an exploit previously used to target the CIPC three years ago, indicating a recurring vulnerability.

Apart from the 140 credentials, no details are available about the nature of the attack or the magnitude of the impact.