©2021 Reporters Post24. All Rights Reserved.
The Companies and Intellectual Property Commission (CIPC) has revealed it suffered a security breach leading to the compromise of its clients’ and employees’ personal information.
The CIPC, which is part of the Department of Trade, Industry, and Competition, put a notice on its website about the incident on Thursday, 29 February 2024.
The CIPC is South Africa’s official regulatory body for registering companies, co-operatives, and intellectual property rights — including trademarks, patents, designs and copyrights.
While the CIPC’s notice said the breach was “attempted”, the fact that the actors had successfully exfiltrated data means the breach was at least partially successful.
The CIPC said its ICT and information security teams isolated and curtailed the compromise, allowing the relevant systems to be restored and available for processing.
“Our ICT technicians were alerted, due to extensive firewall and data protection systems in place at the CIPC, to a possible security compromise and as a result, certain CIPC systems were shut down immediately to mitigate any possible damage,” the CIPC said.
“Unfortunately, certain personal information of our clients and CIPC employees was unlawfully accessed and exposed.”
Among the vast records of data stored on the CIPC database are the names and addresses of registered South African businesses and their directors, as well as the names and details of patent and trademark holders.
The CIPC did not reveal any more information regarding the nature of the exposed data but urged its clients to be vigilant in monitoring credit card transactions and only authorise known and valid transaction requests.
“The extent of the exposure is being investigated and will be communicated as soon as possible,” the CI PC said.
The C IPC added that it recognised the importance of the consistent availability of its systems and the safeguarding of private information.
It assured that it was actively working to minimise the impact on the CIP C clients and employees.
“We apologise for any inconvenience caused and assure you that every reasonable step is taken to ensure that all CI PC systems and platforms are safe and protected from unauthorised and/or unlawful access.”
