South Africa Faces a Surge in Data Breaches as Cyber Attacks Intensify

A growing threat beneath the surface

South Africa has long battled load shedding, water shortages, and rising crime; yet another crisis has quietly accelerated in the background. The country is experiencing one of its worst periods of data breaches and cyber incidents, and most people never hear about them.

According to the Information Regulator, many organisations are quietly reporting compromise after compromise. The 2024 and 2025 financial years saw thousands of breaches, but the scale only becomes real when looked at closely. Between April 2024 and March 2025, two thousand three hundred and seventy-four incidents were formally reported. That worked out to an average of nearly two hundred notifications every month.

As the 2025 financial year progressed, the picture worsened. From April 2025 to date, one thousand nine hundred and forty-seven breaches were reported. This reflects an average of almost three hundred notifications a month. The increase amounts to a forty percent spike in security compromises across the country.

Information Regulator chairperson Pansy Tlakula has described the situation as deeply concerning and urged both public institutions and private companies to strengthen their defences. She believes organisations must invest in proper security measures, maintain strong internal systems, and protect the personal information they hold.

Cyberattacks that made headlines

Some incidents became public knowledge because the victims acknowledged them or the attackers bragged online. One ransomware group named Beast recently claimed responsibility for attacking the Methodist Church of South Africa and threatened to leak one hundred and fifty gigabytes of stolen data.

In another major incident, the Zondo Commission’s website was hacked and temporarily replaced with links to Indonesian gambling and shopping pages. Around the same time, a group known as INC Ransom targeted Altron Netstar and leaked more than five hundred gigabytes of its data onto the dark web.

The health sector was not spared either. The Everest Group claimed it stole data from Mediclinic, including information about one thousand employees. Within days, Adidas South Africa issued its own notice that customer details may have been exposed.

Telecommunications companies also found themselves in the crossfire. MTN and Cell C both reported data breaches. Cell C confirmed that it had been the victim of a ransomware attack carried out by a group called RansomHouse. MTN shared fewer details but confirmed that some individuals in certain markets had been affected.

The business world suffered its own blows. Astral Foods, Eastplats, and Pam Golding all disclosed data breaches this year, adding to the growing list of affected companies.

The SharePoint flaw that caught the world off guard

A major global incident added further pressure when a zero-day vulnerability in Microsoft SharePoint gave attackers a backdoor into servers around the world. This flaw made it possible to impersonate legitimate users and access confidential information.

Several South African organisations were exposed as a result. The National Treasury confirmed that malware had been found on one of its SharePoint servers, showing how even top-level departments can be compromised.

Image 1: MyBroadband

When global espionage reaches South Africa

One of the most unsettling events involved a possible state-level attack. Intelligence analysts from Recorded Future reported that a Chinese state-sponsored group called RedNovember had likely breached the State Security Agency. While the details are limited, the evidence suggests that at least one South African organisation was targeted, and the only state security structure that fits the profile is the SSA.

This is not the first time questions have been raised about the agency’s cybersecurity. In 2023, the Information Regulator investigated a reported breach at the SSA following a Sunday World article. Around the same period, a group named Snatch claimed it had compromised the Department of Defence. Although the department initially dismissed the allegations, it later began an internal review before publicly denying that hackers had gained access.

A quiet crisis with loud consequences

Despite the size of these incidents, the public rarely hears about them. Current rules require organisations to notify the Information Regulator and affected individuals, but they do not have to make public statements. That means thousands of compromises happen behind closed doors.

South Africa now faces a turning point. The number of attacks is rising, criminal groups are becoming more sophisticated, and global espionage threats have reached state security structures. The Information Regulator argues that the only way forward is stronger investment in cybersecurity, modern systems, and a culture of responsibility around personal data.

For everyday South Africans, the risk is personal. A single breach can expose email addresses, phone numbers, bank details, or employee records. As threats grow, the country must decide how seriously it wants to protect its digital future.

Also read: South Africa Reaches a Crucial Economic Turning Point in the 2025 Budget

Follow Joburg ETC on Facebook, Twitter, TikTok and Instagram

For more News in Johannesburg, visit joburgetc.com

Source: MyBroadband

Featured Image: N.C. Department of Information Technology – NC.gov