Cyber Incident Victim: Eastern Platinum Limited
Date:
May 2025
Location:
South Africa
Summary
Eastern Platinum Limited detected a cybersecurity incident affecting its internal IT systems and promptly implemented containment measures to protect its network and data. The company engaged cybersecurity experts to investigate the scope and undertake remedial actions while confirming that business operations continued without disruption. Unauthorized disclosure of certain internal files occurred on a restricted part of the internet, prompting a review to ensure compliance with legal obligations and safeguard commercial interests. The incident has been reported to appropriate authorities, and the company remains focused on enhancing its data security and maintaining stakeholder trust.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On May 27, 2025, Eastern Platinum Limited detected a cybersecurity incident that affected its internal information technology systems. Upon detection, the company initiated immediate containment measures designed to isolate the affected systems and protect its network and data from further compromise. Following containment, Eastern Platinum Limited engaged external cybersecurity experts to conduct a thorough investigation into the incident’s scope, origin, and potential impact. The investigation was undertaken to identify any compromised assets and to determine the appropriate remedial actions required to restore security. Throughout the response, the company maintained that its core business operations continued without interruption, indicating that production and processing activities at its mines were not halted. Eastern Platinum Limited stated that it was working closely with the experts to implement necessary remedial actions, which included patching vulnerabilities, strengthening access controls, and monitoring for any residual threats. The company emphasized that the containment and investigative efforts were prioritized to safeguard its information assets while maintaining operational stability.
During the investigation, Eastern Platinum Limited learned that certain files related to its internal affairs had been disclosed without authorization by third parties on a restricted part of the internet. The company began an active review of these disclosed files to verify their content, assess any potential legal or regulatory implications, and ensure ongoing compliance with its obligations. This review also aimed to safeguard the company’s commercial interests by determining whether any sensitive proprietary information had been exposed. Eastern Platinum Limited reported the incident to the appropriate authorities as required by applicable legal and regulatory frameworks. In parallel, the company reiterated its commitment to protecting and continuously enhancing its data security and systems, noting that the incident had highlighted areas for improvement. Eastern Platinum Limited expressed its dedication to maintaining the trust and confidence of its stakeholders, including investors, employees, and business partners, through transparent communication and sustained security efforts. The company concluded that its response actions were focused on addressing the immediate incident, mitigating any residual risk, and reinforcing its overall cybersecurity posture.