Justice department wants to fight R5 million fine over ransomware attack in court

pMyBroadbandppThe Department of Justice and Constitutional Development DoJCD is taking the Information Regulator to court to appeal the R5 million fine the agency slapped it with after falling prey to a ransomware attack in 2021 TechCentral reports Pictured Pansy Tlakula Information Regulator chairppDepartmental spokesperson Steven Mahlangu reportedly said the court application was issued on 29 September 2023 and delivered to the sheriff on 2 October It is currently awaiting a responseppMyBroadband contacted Mahlangu for confirmation but despite being quoted in the article he said he could only comment once he had received confirmation from the directorgeneralppRepeated attempts to follow up with Mahlangu were met with silenceppThe Information Regulator imposed a R5 million fine on the department in July 2023 as an administrative penalty after failing to comply with an enforcement notice issued in MayppEssentially the regulator found that negligence contributed to the department falling victim to the attackppThe enforcement notice issued in May instructed the department to supply proof that it had renewed its security software licences within 31 daysppThe regulator said the attack would likely have been prevented or mitigated if the department had valid security software licences at the timeppIt instructed the department to renew its Trend AntiVirus Security Incident and Event Monitoring and Intrusion Detection System licencesppThe regulator also ordered that those responsible for the negligence must face disciplinary proceedingsppThe notice warned that the department would be guilty of an offence if it failed to carry out the regulators instructions and would face a fine of up to R10 millionppHowever the Department of Justice and Constitutional Development didnt respond to the enforcement notice leading the regulator to conclude it had not implemented the enforced remedial actionsppThe thirtyone days given to the department expired on 9 June 2023 the regulator saidppTo date the department has not provided the Regulator with a report on implementation of the actions required in the Enforcement Notice or any other communication in that regardppThe regulator imposed an administrative fine on the department on Monday 3 July 2023ppThe DoJCD has 30 days from 3 July 2023 to pay the administrative fine or make arrangements with the Regulator to pay the administrative fine in instalments or elect to be tried in court on a charge of having committed the alleged offence referred in terms of POPIA it saidppSouth Africas justice department fell victim to the ransomware attack on 6 September 2021ppRansomware attacks often see cybercriminals encrypt valuable files after accessing a victims systemsppSystem files are left intact so the victim can access the machine to see the ransom note often demanding payment in return for a method to decrypt the filesppIn a statement released three days later the department revealed that the attack had affected all its electronic systems including bail services email issuing letters of authority and the departmental websiteppAt the time Mahlangu said there was no evidence that peoples data had been compromisedppHowever it was later revealed that the attackers managed to grab 1204 filesppFollowing the departments statement a source told MyBroadband that the attackers had also encrypted all of the departments backups and demanded a ransom of 50 bitcoinsppWhile the department refuted the claim regarding the 50bitcoin ransom it didnt deny the allegation that its backups had also been encryptedppIts systems started coming back online a month after the attack took placeppIn March 2022 it emerged that the DOJCD had failed to renew IT contracts in 2021 after internal staff took over control of previously outsourced functionsppDepartment of Constitutional Development and Communications Headline Information Regulator ransomware attack Steven MahlanguppComments section policy MyBroadband has a new article comments policy which aims to encourage constructive discussions To get your comments published make sure it is civil and adds value to the discussionppppppIf you wanted to buy a secondhand vehicle where would your search beginppppView Resultsp