Cyber Incident Victim: Land Bank
Date:
Jan 2026
Location:
South Africa
Summary
Land Bank experienced a cyber incident that prompted the temporary shutdown of several internal IT systems and took its website offline, affecting both the bank and its insurance subsidiary while some services and transactions were interrupted. Senior leadership oversaw the response, with internal IT teams assisted by external cybersecurity specialists conducting a forensic investigation that identified ransomware deployed by an external party, and after implementing enhanced security measures the bank restored its website and systems, allowing relationship managers to maintain client access to banking services throughout the disruption.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 0 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In January 2026 Land Bank experienced a cyberattack that involved ransomware deployed by an external party, prompting the institution to take certain internal IT systems offline as a precautionary measure to protect its operations and sensitive information. The bank’s website was also disrupted and remained inaccessible for a period of time. The precautionary shutdown affected both the Land Bank and its subsidiary, Land Bank Insurance Company, with some banking services and transactions experiencing temporary interruptions. Rebecca Phalatse, who served as Head of Communications and Marketing at the time, stated that the action was necessary amid broader cybersecurity concerns affecting financial institutions globally. The disruption led the bank to focus on safeguarding its operations and the interests of its clients while assessing the scope of the incident.
Senior leadership oversaw the response, including TM Rikhotso as Chief Executive Officer, KH Mukhari as Chief Financial Officer, and the bank’s board of directors. Internal IT teams, supported by external cybersecurity specialists, were deployed to evaluate the situation and work toward restoring full functionality securely and responsibly. The bank launched a forensic investigation into the attack, which remained ongoing and had not disclosed specific details at the time of the March 2026 update. The Department of Agriculture reaffirmed Land Bank’s key role in the agricultural sector during this period. Clients were advised to change their passwords and monitor their accounts, while the Land Bank Insurance Division confirmed that banking details and terms remained unchanged.
By March 2026 the bank continued to operate through its relationship managers, emphasizing that its core business was not dependent on the website despite the site remaining down. The institution maintained communication with stakeholders about the ongoing recovery efforts and the implementation of additional safeguards. In April 2026 Land Bank announced that its website and internal systems had been fully restored following the cyber incident and the adoption of enhanced security measures. Acting Chief Executive Officer Jabu Mphambo confirmed the restoration, expressed appreciation for stakeholder patience and continued trust, and invited anyone needing assistance to contact the bank directly. The narrative concludes with the confirmation that the bank’s digital platforms were back online and operational.