Contractor ‘possibly’ hacked and stole R77m from Postbank

Postbank - A member of the SA Post Office Group. Picture: Postbank/Facebook

Postbank - A member of the SA Post Office Group. Picture: Postbank/Facebook

Published Dec 29, 2022

Share

Cape Town - The Postbank lost R77m in a 2021 hack of its IT systems and the breach was possibly committed by one of its contractors, Communications and Digital Technologies director-general Omega Shelembe has told MPs.

Three investigations were ordered into the hack, but the department has kept the details under wraps. Shelembe was responding to questions from DA MP Bridget Staff Masango on behalf of the department this week.

The revelation comes a fortnight after the Cape Argus quoted Treasury Minister Enoch Godongwana as saying that the Federal Bureau of Investigation intercepted a hack attempt on the SA Reserve Bank in October this year.

Masango had asked how much the Postbank had lost due to “hacking and theft” in the last three financial years.

Shelembe did not offer much detail about the circumstances, except to divulge that the hack came at a cost of R77m to the department in the 2021/’22 financial year.

AmaBhungane recently reported that in October 2021, individuals made off with at least R89m in cash through SA Social Security Agency (Sassa) accounts by crediting Sassa grant recipients with large amounts and withdrawing these funds.

Shelembe alluded to the suspect being a Postbank contractor and said no Postbank employees were involved.

Shelembe said a technical expert has completed an investigation and the department believes that “one possible individual” may have been behind the cyberattack.

He said two other probes by the SA Post Office’s internal forensic unit and the Directorate for Priority Crime Investigation (Hawks) regarding the cyberattack were “ongoing”.

Postbank spokesperson Dr Bongani Diako said: “Bank crime is an issue of concern across the industry that Postbank takes seriously and we continue to improve security measures on.

“For the reasons to not want to educate perpetrators, as well as protect the processes under way and the integrity of the payments systems, Postbank will not go into any details (sic).”

Founder of World Wide Worx and tech analyst Arthur Goldstuck recently told the Cape Argus that SA’s state institutions and parastatals “have regularly demonstrated” that they are weak when it comes to dealing with the global escalation in cybercrime in recent years.

Goldstuck said: “The Transnet ransomware attempt and the crashing of the Department of Justice systems last year were the most dramatic, as they brought down two of the country’s most critical infrastructures.

“This revealed the extent to which hackers can cripple an economy, as well as the extent to which South Africa is vulnerable. It is difficult to state the exact flaws in cyber-security preparedness that allowed these breaches, as the victim organisations rarely reveal their weaknesses.

“However, the fact that it took them time to restore systems and services meant they were not using best practise defence and recovery processes and systems.”

Goldstuck said a key element of cybersecurity was visibility of attacks and the ability to analyse these in order to further shore-up defences.

“All these institutions were probably vulnerable due to not procuring cyber-security services and solutions from the best available sources,” Goldstuck said.

“If (hacking) was a case of granting tenders to well connected entities rather than the most qualified, then all of these organisations were compromising the nation's stability - or even sabotaging it - through treating cyber-security as another avenue for dispensing favours. As long as this approach is tolerated by government, South Africa remains vulnerable to hackers.”

soyiso.maliti@inl.co.za

Cape Argus