Cyber Incident Victim: Transnet

On July 22, 2021, a cyber attack disrupted container operations at South Africa's state-owned Transnet, impacting critical port facilities in Cape Town and Durban. The attack occurred early that Thursday, according to three unnamed sources with direct knowledge, forcing a complete halt to cargo movement at Cape Town until systems could be restored. Durban, sub-Saharan Africa's busiest shipping terminal, also experienced operational disruptions. Transnet's official website became inaccessible, displaying error messages, while the company confirmed disruptions across its IT applications but declined to publicly attribute the cause to a cyber attack. The Cape Town Harbour Carriers Association notified members via email that port operating systems had been compromised, explicitly citing a cyber attack as the reason for suspending cargo operations. This incident followed unrelated physical disruptions to Transnet's ports and freight rail network the previous week caused by civil unrest, though authorities stated they were treating the cyber incident as a separate event.

Transnet initiated investigations to determine the cause of the IT disruptions while maintaining normal operations in its freight rail, pipeline, engineering, and property divisions. The attack primarily delayed container and auto parts shipments, though mineral commodities exported through Durban—including copper and cobalt from mining operations in the Democratic Republic of Congo and Zambia—were largely unaffected as they utilized different port sections. Government officials acknowledged the investigation was ongoing and pledged an official announcement once the cause was confirmed. Industry sources warned the disruption would create logistical backlogs requiring significant time to resolve, compounding existing challenges from recent unrest. Transnet provided no restoration timeline but emphasized its container terminals remained the only operations substantially impaired by the incident.