Cyber Incident Victim: South African Post Bank / Postbank
Date:
Dec 2022
Location:
South Africa
Summary
A malicious cyberattack targeted the financial institution, disrupting social grant payments and prompting temporary suspension of ATM transactions to secure national payment systems. External cybersecurity experts were engaged, and a forensic investigation was initiated following the multi-vector attack. The organization claimed timely detection prevented impact on beneficiaries, subsequently migrating grant disbursements to a more secure platform. Concurrently, systemic delays affected hundreds of thousands of clients awaiting payments through various channels, with identity verification challenges contributing to backlogs spanning several months.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In early December 2022, the South African Postbank experienced a malicious cyber incident that disrupted social grant payments and ATM services. The attack prompted immediate engagement with external cybersecurity experts and a forensic investigation to address the threat. Postbank’s project management office head, Neo Moja, described the incident as involving "heightened and serious cyberattacks" originating from multiple vectors, necessitating temporary suspension of ATM transactions to protect the national payment infrastructure. The bank had previously suffered a R77 million loss in a 2021 IT system breach suspected to involve a contractor, underscoring recurring vulnerabilities. During the December incident, Postbank collaborated with industry partners to contain the attack and initiated system upgrades to bolster security. Spokesperson Dr. Bongani Diako confirmed the attack was detected promptly, emphasizing that no South African Social Security Agency (Sassa) beneficiaries suffered financial harm due to these interventions.
The cyber incident exacerbated existing payment backlogs affecting social grant recipients. At the time of the attack, approximately 350,000 Cashsend clients and 489,837 Postbank clients were awaiting payments dating back to August 2022, with delays partly attributed to identity verification processes. While the December attack did not directly compromise beneficiary funds, it disrupted transactional systems, compelling Postbank to migrate grant payments to a more secure platform. Parliamentary discussions highlighted operational challenges, including staffing inefficiencies at Sassa that hindered query resolution. The government concurrently advanced plans to transform Postbank into a state bank focused on financing small enterprises, as reiterated by President Ramaphosa in his State of the Nation address. Postbank’s response remained constrained by an ongoing investigation, with no additional technical details about the attack’s scope or methods disclosed publicly.