Date: May 2024

Location: South Africa

Summary

The Department of Justice and Constitutional Development temporarily suspended its electronic payment system for third-party funds, including child maintenance, following attempted compromises, prompting beneficiaries to collect manual payments at courts with identity documentation while an investigation assesses potential breaches. A forensic team is examining suspicious activity, echoing a prior ransomware incident that resulted in compromised personal data, significant service disruptions, and regulatory fines for failing to renew critical security licenses, highlighting ongoing vulnerabilities within the entity's cybersecurity posture.

Description

On May 23, 2024, the Department of Justice and Constitutional Development (DJ&CD) of South Africa announced the temporary suspension of its electronic payment system for third-party funds, including child maintenance payments, following attempts to compromise the system. The department issued a public advisory urging child maintenance beneficiaries to visit their nearest courts with original identity documents to receive manual payments until electronic services are restored. A dedicated forensic team was assembled to investigate potential breaches and suspicious activity, though neither the specific nature of the compromise attempts nor the attackers’ methods were disclosed. The department emphasized its commitment to fortifying systems against future breaches and apologized for inconveniences caused to beneficiaries. Media inquiries were directed to departmental spokesperson Ms. Kgalalelo Masibi. This incident disrupted a critical social support mechanism, forcing vulnerable recipients to rely on in-person transactions at courts, though the full scope of affected beneficiaries or data exposure remained unconfirmed pending the investigation.

This marks the second major cyber incident targeting the DJ&CD in three years, following a 2021 ransomware attack that encrypted all departmental information systems, rendering electronic services—including bail processing, website access, and email—unavailable. The 2021 breach compromised approximately 1,200 files containing personal data such as names, banking details, and contact information of individuals who had submitted information to the department. It also disrupted the IT systems of South Africa’s Information Regulator, causing a three-day website outage and email system failure. The regulator later fined the DJ&CD R5 million for violating the Protection of Personal Information Act (POPIA), citing failures to renew critical security licenses for Trend Anti-Virus, SIEM, and intrusion detection systems. The enforcement notice required disciplinary action against responsible officials and proof of license renewals within 31 days. The department had pledged to allocate part of its 2022/2023 budget to cybersecurity improvements after the 2021 attack, but the recurrence underscores persistent vulnerabilities. Broader context includes escalating cyber threats against South African government entities, such as recent attacks on the International Trade Administration Commission, the Companies and Intellectual Property Commission (CIPC), and the Government Employees Pension Fund, with national cybercrime losses estimated at R2.2 billion annually. The Information Regulator reported receiving over 150 data breach notifications monthly, reflecting a worsening threat landscape.
