Companies must act now on CIPC hack

Published: 2024-03-11 16:31 +02:00 by Richard Frost tag: Information security

A lack of visibility into the extent of the CIPC hack and the information compromised puts companies at risk of fraud.

The author, Armata’s Richard Frost

The South African Companies and Intellectual Property Commission (CIPC) holds the registration details of companies, co-operatives and intellectual property rights within a vast database that comprises ID numbers, addresses, contact information and more.

It has also recently been compromised in a hack that has left millions of companies vulnerable. The lack of visibility into the type of information stolen is a very real concern, as some of the data should not be in the public domain, much less in the hands of hackers.

The CIPC website allows for organisations and individuals to verify a company using basic information such as the registration number, but the moment you get real information about directors such as their ID and where they live, there is ample opportunity for fraud and identity theft.

As the extent of the hack emerges, companies need to remain on the alert for at least six to 12 months

For example, using a company’s registration and director information, criminals can place an order for laptops with fake banking information and a fake address. The firm providing those laptops will then chase the company for payment of an order it didn’t make. Then the company is liable for the costs, not the threat actor.

In addition to impersonating a director, fraudsters can use the information to e-mail customers of legitimate organisations and claim the company has changed its bank account information. They can provide customers and suppliers with CIPC data that verifies who they are and essentially siphon funds away from the business. Customers will insist they’ve paid, but the funds have actually gone to a fraudulent account.

As the extent of the hack emerges, companies need to remain on the alert for at least six to 12 months – this type of attack has a long tail, and organisations need to protect themselves through constant vigilance. The risk is that many companies won’t realise they’ve been targeted until an incident is flagged. This can then cost them significantly in terms of reputational damage, financial loss and even customers.

Credit bureaus

Companies, whether they are large enterprises or solopreneurs, need to stay close to TransUnion and Experian right now. You need to see who is opening accounts in your name. For larger organisations, it’s worth taking a leaf out of the financial institution playbook and creating digitally stamped documents to prove that any request or purchase is coming from a legitimate company. Most importantly, though, for companies of all sizes, is to stay close to the credit bureaus so they can quickly catch any unusual activity.

To mitigate potential customer fallout, companies should contact their customers and highlight the risks, asking them to be aware of any changes in day-to-day interactions and confirm in person if any requested changes are genuine.

Every company in South Africa needs to send out an e-mail to customers highlighting the potential risks and giving them insight into how they can prevent them. In addition, individuals need to be aware of fake calls and scams – if a caller says they’re from a fraud division, instead of paying or providing personal information, suggest calling them back first. The CIPC hack essentially asks that companies and individuals increase their vigilance across all platforms so they don’t fall victim to crime.

Read: CIPC hack: customers urged to change passwords

For many companies and individuals, a successful hack or case of fraud can leave them financially destitute and there are limited legal and governmental protections in place. While this landscape is changing, the best step forward is to be on constant alert to avoid the need to take the CIPC on a long, drawn-out court case or rebuild your business from scratch.

Richard Frost is head of consulting at Armata

Get breaking news alerts from TechCentral on WhatsApp

Enhanced Investments, Inc.
329 South Oyster Bay Road #2085
Plainview, NY 11803
team@eninvs.com

Important disclosures

Performance results were prepared by Enhanced Investments, and have not been compiled, reviewed or audited by an independent accountant. Performance estimates are subject to future adjustment and revision. Investors should be aware that a loss of investment is possible. Account holdings are for illustrative purposes only and are not investment recommendations. Additional information, including (i) the calculation methodology; and (ii) a list showing the contribution of each holding to the portfolio’s performance during the time period will be provided upon request.
All statements made via social media sites sponsored or maintained by Enhanced Investments and its affiliates are for informational purposes only and do not constitute a comprehensive description of Enhanced Investments' investment advisory services.
Certain investments are not suitable for all investors. Before investing, consider your investment objectives and applicable fees. The rate of return on investments can vary widely over time, especially for long term investments. Investment losses are possible, including the potential loss of all amounts invested. Information provided by Enhanced Investments is for informational and general educational purposes only and is not investment or financial advice.

Nothing on this website should be considered an offer, solicitation of an offer, or advice to buy or sell securities.
Past performance is no guarantee of future results. Any historical returns, expected returns [or probability projections] are hypothetical in nature and may not reflect actual future performance.
All the strategies assume investments in equity invstrumenta only and are more relevant for "agressive investment profile". Eastern European flagship strategy assumes using up to 20% leverage of total portfolio. GlobalCommodities and US Growth strategy currently assume no leverage.
Results for the Enhanced Investments strategies as compared to the performance of Illustrative Benchmarks is for informational purposes only. Our investment program does not mirror that of the Illustrative Benchmarks and the volatility may be materially different from the volatility of Illustrative Benchmarks. Reference or comparison to an Illustrative Benchmark does not imply that strategies of Enhanced Investments will be constructed in the same way as the Illustrative Benchmark or achieve returns, volatility, or other results similar to those of the Illustrative Benchmark. The S&P 500 is an unmanaged market capitalization-weighted index of 500 common stocks chosen for market size, liquidity, and industry group representation to represent U.S. equity performance.
Performance results were prepared by Enhanced Investments, and have not been compiled, reviewed or audited by an independent accountant. Performance estimates are subject to future adjustment and revision. Investors should be aware that a loss of investment is possible. Account holdings are for illustrative purposes only and are not investment recommendations. Additional information, including (i) the calculation methodology; and (ii) a list showing the contribution of each holding to the portfolio’s performance during the time period will be provided upon request.
All statements made via social media sites sponsored or maintained by Enhanced Investments and its affiliates are for informational purposes only and do not constitute a comprehensive description of Enhanced Investments' investment advisory services.
Certain investments are not suitable for all investors. Before investing, consider your investment objectives and applicable fees. The rate of return on investments can vary widely over time, especially for long term investments. Investment losses are possible, including the potential loss of all amounts invested. Information provided by Enhanced Investments is for informational and general educational purposes only and is not investment or financial advice.