Cyber Incident Victim: Department for Women, Youth, and Persons with Disabilities

On April 16, 2020, the South African Department for Women, Youth, and Persons with Disabilities hosted a public Zoom webinar intended to address the impacts of COVID-19 on vulnerable populations. Minister Maite Nkoana Mashabane led the session, which was openly broadcast to maximize public participation, with approximately 400 individuals expressing interest in attending. During the event, unidentified attackers hijacked the webinar, disrupting the presentation by displaying pornographic images and propaganda to attendees, including journalists covering the briefing. The intrusion caused immediate confusion, with some participants initially believing the department itself was broadcasting the inappropriate content. The department terminated the compromised session and reconvened the meeting in a private setting shortly afterward.

The department issued a public apology via Twitter, characterizing the incident as a "technology-assisted assault" and acknowledging the breach’s disruptive and embarrassing nature. Official spokesperson Shalen Gajadhar clarified that the open attendance format—designed to accommodate last-minute registrants—precluded effective participant vetting, enabling the attackers’ access. Public backlash followed the incident, prompting the department to pledge enhanced security measures for future virtual engagements. They also committed to releasing a recording of the reconvened meeting to ensure stakeholders received the intended COVID-19 information. The hijacking underscored operational vulnerabilities in the department’s abrupt transition to public-facing digital platforms during the pandemic.