Cyber Incident Victim: Sibanye-Stillwater

Date:

Jul 2024

Location:

South Africa

Summary

A cyberattack targeted Sibanye-Stillwater's global IT infrastructure, causing limited operational disruptions while its core mining and processing activities remained unaffected. The company proactively isolated systems to safeguard data and engaged external experts to investigate the breach and restore services. No ransom demands were reported, and the attackers remained unidentified at the time of reporting. The impact included server outages and intermittent system functionality across international locations, though mining projects in South Africa, the U.S., and other countries continued normal activities during remediation efforts.

CIA Posture: Available to members
Motives: 3 motives
Tactics, Techniques & Procedures: 8 techniques
Threat Actors: 0 actors
Type: Available to members
Location: Available to members

Description

A cyberattack impacted Sibanye-Stillwater's global IT infrastructure starting on the morning of July 8, 2024, disrupting servers and systems across the company's operations. The Johannesburg-based precious metals producer detected unauthorized access to its IT environment, prompting immediate containment measures. Company personnel proactively isolated affected IT systems to prevent further compromise and protect sensitive data from exfiltration. This isolation caused limited operational disruptions globally, though core mining, processing, and metals production activities continued without interruption. Sibanye-Stillwater's physical mining assets in South Africa (platinum and gold), the United States (Montana palladium mine), and battery metal projects in Finland, France, and Australia remained unaffected by the digital intrusion. External cybersecurity experts were engaged to assist internal teams in forensic analysis, system restoration, and breach investigation.

Technical recovery efforts focused on identifying the intrusion vector and restoring full system functionality, with partial IT capabilities remaining operational during remediation. Company spokesperson James Wellsted confirmed no ransom demands had been received as of July 11, and threat actor attribution remained undetermined. The incident investigation prioritized understanding the attack methodology and scope while maintaining business continuity across mining operations. Sibanye-Stillwater allocated resources toward complete system remediation without disclosing specific technical details about compromised systems or data exposure risks. Corporate communications emphasized ongoing coordination between internal security teams and external consultants to resolve residual impacts from the infrastructure disruption.
