Security compromise of the CIPC- Business Continuity

Many of you might have read in the media, that the CIPC experienced a security breach.

Without detracting from the seriousness of such incident, it’s important to mention that the CIPC is not the only organization that has been subjected to such a breach, and there has been a massive increase of cyber-attacks within South Africa and it would seem that as a jurisdiction, we are being targeted.

Breaching the security infrastructure of any organization, institution or agency is nothing more than a criminal act and the perpetrators are criminals that should be portrayed as such. As a result of the criminal nature of the unlawful and mala fide breach of the CIPC security systems and protocols, the necessary steps will be taken to ensure that the guilty are held responsible for the crimes committed.

As soon as the breach became known, the CIPC proceeded to comply with all requirements in terms of the Protection of Personal Information Act, 4 of 2013, by notifying the Information Regulator, the South African Police Service and the State Security Agency of the security compromise and publishing a media statement to that effect. Every reasonable steps are being taken to ensure that the CIPC systems and platforms are protected from unlawful and//or unauthorized access and abuse, and remain available to our clients for transacting.

We will continue to transact and service our clients with efficiency in all areas of our core mandate as we have been and are currently doing. The CIPC has always been aware of the possibility of attacks against its databases and over the years have invested significantly in the best technology to secure the data kept on our registers, despite having the legal obligation to disclose same.

The recent events have necessitated the CIPC to remind our clients of the content of section 187(4)(c) of the Companies Act, 71 of 2008, which states: –

“(4) The Commission must-
(c) make the information in those registers efficiently and effectively available to the public, and to other organs of state;

In terms of our governing legislation, the information contained on the CIPC registers form part of the public domain and can be accessed by any person when the legal and lawful processes are followed.

Due to the increased regulatory compliance frameworks within South Africa brought about by the General Laws Amendment Act, 22 of 2022, criminals are feeling the pressure and as one of the Regulators tasked with enforcing compliance to the legislation, the CIPC is not immune to levels of criminality levelled against it.

The resultant effect is heightened awareness of security (especially cyber security) risks and greater vigilance in terms of the protection of the data the CIPC is custodian of.

CIPC has been and continue to deploy additional security and verification layers on all our transactional platforms, and our clients are urged to update and amend all passwords and login information, as an added security measure.

The Commission, established by the Companies Act, 71 of 2008, will perform its functions, without fear, favour or prejudice and will continue to fulfill its obligations and objectives, even in the face of Criminal adversity.

Notice 20 of 2024