The CIPC hack has potentially serious consequences

March 2024 Editor's Choice, Information Security

The South African Companies and Intellectual Property Commission (CIPC) holds the registration details of companies, co-operatives, and intellectual property rights within a vast database that includes ID numbers, addresses, contact information, and more. The CIPC was recently compromised in a hack that left millions of companies vulnerable.


Richard Frost

Richard Frost, Head of Consulting at Armata, points out that the lack of visibility into the stolen information is a real concern, as some of the data should not be in the public domain, much less in the hands of hackers.

“The CIPC site allows organisations and individuals to verify a company using basic information such as the registration number, but the moment you get real information about directors such as their ID and where they live, there is ample opportunity for fraud and identity theft,” he explains. “For example, criminals can order laptops with fake banking information and a fake address using a company's registration and director information. The firm providing those laptops will then chase the company for payment for an order it did not make. Then the company is liable for the costs, not the threat actor.”

In addition to impersonating a director, fraudsters can use the information to email customers of legitimate organisations and claim the company has changed its bank account information. They can provide customers and suppliers with CIPC data that verifies who they are and essentially siphon funds away from the business. Customers will insist they have paid, but the funds have gone to a fraudulent account.

As the extent of the hack emerges, companies need to remain on the alert for at least six to 12 months. This type of attack has a long tail, and organisations need to protect themselves through constant vigilance. The risk is that many companies will not realise they have been targeted until an incident is flagged. This can then cost them significantly in terms of reputational damage, financial loss, and even customers.

“Companies, whether large enterprises or solopreneurs, need to stay close to TransUnion and Experian right now,” says Frost. “You need to see who is opening up accounts in your name. For larger organisations, it is worth taking a leaf out of the financial institution playbook and creating digitally stamped documents to prove that any request or purchase is coming from a legitimate company. Most importantly, though, for companies of all sizes, is to stay close to the credit bureaus so you can quickly catch any unusual activity.”

To mitigate potential customer fallout, companies should contact their customers and highlight the risks, asking them to be aware of any changes in day-to-day interactions and confirm in person if any requested changes are genuine.

“Every single company in South Africa needs to send out an email to customers highlighting the potential risks and giving them insight into how they can prevent them,” concludes Frost. “In addition, individuals need to be aware of fake calls and scams – if a caller says they are from a fraud division, instead of paying or providing personal information, suggest calling them back first. The CIPC hack essentially demands that companies and individuals increase their vigilance across all platforms so they do not fall victim to crime.”

For many companies and individuals, a successful hack or case of fraud can leave them financially destitute, and there are limited legal and governmental protections in place. While this landscape is changing, the best step forward is to be on constant alert to avoid the need to take the CIPC on a long, drawn-out court case or rebuild your business from scratch.




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Choicejacking bypasses smartphone charging security
News & Events Information Security
Choicejacking is a new cyberthreat that bypasses smartphone charging security defences to confirm, without the victim’s input or consent, that the victim wishes to connect in data-transfer mode.

Read more...
SMARTpod talks to Sophos and Phishield
SMART Security Solutions Technews Publishing Sophos Videos Information Security News & Events
SMARTpod recently spoke with Pieter Nel, Sales Director for SADC at Sophos, and Sarel Lamprecht, MD at Phishield, about ransomware and their new cyber insurance partnership.

Read more...
Cybersecurity and insurance partnership for sub-Saharan Africa
Sophos News & Events Information Security Security Services & Risk Management
Sophos and Phishield Announce first-of-its-kind cybersecurity and insurance partnership for sub-Saharan Africa. The SMARTpod podcast, discussing the deal and the state of ransomware in South Africa and globally, is now also available.

Read more...
Corporate and academic teams can register for Kaspersky contest
Kaspersky News & Events Information Security
Kaspersky has announced the registration opening for its new Kaspersky{CTF} (Capture the Flag) competition, inviting academic and corporate teams from around the globe to compete in a battle of skill, strategy and innovation.

Read more...
Continuous security optimisation.
News & Events Information Security
Cymulate has announced its partnership with SentinelOne, a threat exposure validation and AI-powered cybersecurity platform. The collaboration delivers self-healing endpoint security that empowers businesses to increase protection for every endpoint on their network.

Read more...
Protect your smart home devices
Kaspersky IoT & Automation Information Security Smart Home Automation
Voice assistants, kitchen robots, smart lights and many other intelligent devices have become part of our everyday life. However, with the rise of smart technology comes the need for robust protection against potential vulnerabilities.

Read more...
ISPA’s take-down process protects from local scams
News & Events Information Security
During the recent school holidays, parents could rest a little easier knowing that ISPA, SA’s official internet industry representative body, is removing an average of three to four problematic websites from the local internet every week.

Read more...
SA’s strained, loadshedding-prone grid faces cyberthreats
Power Management Information Security
South Africa’s energy sector, already battered by decades of underinvestment and loadshedding, faces another escalating crisis; a wave of cyberthreats that could turn disruptions into catastrophic failures. Attacks are already happening internationally.

Read more...
Almost 50% of companies choose to pay the ransom
News & Events Information Security
This year’s Sophos State of Ransomware 2025 report found that nearly 50% of companies paid the ransom to get their data back, the second-highest rate of ransom payment for ransom demands in six years.

Read more...
Winners of the 2025 Southern Africa OSPAs
Editor's Choice
The winners of the 2025 Southern Africa Outstanding Security Performance Awards (OSPAs) were revealed on Wednesday, 4th June, at Securex South Africa. Winners from all categories (except the Lifetime Achievement) will be featured in the second Global OSPAs set to take place in 2026.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.