Itac withheld news of security breach to avoid ‘panic’

Published: 2024-04-22 15:05 +02:00 by Nkosinathi Ndlovu tag: Information security

Itac chief commissioner Ayabonga Cawe said the commission followed all legal and regulatory protocols.

South Africa’s International Trade Administration Commission ( Itac ) has said the reason it waited for three months to make its stakeholders aware of a security breach on its on-premises servers was because the organisation’s initial lack of information, including the extent of the breach, would have likely led to “panic”.

Speaking to TechCentral in an interview on Friday, Itac chief commissioner Ayabonga Cawe said the trade commission chose to follow all legal and regulatory protocols while trying to get to the bottom of the matter before making any public disclosures.

According to a report in the Sunday Times at the weekend, XA Global Trade Advisors CEO Donald MacKay said its clients, importers and exporters whose personal information is held by Itac are alarmed at the security compromise and the amount of time that passed before Itac revealed what happened.

The rise in the number of security breaches involving government entities in South Africa is a cause for concern

“We became aware of the breach in early January and we had to subsequently trigger a series of disclosures to law enforcement authorities and the Information Regulator,” said Cawe.

“Because we were operating on imperfect information about what had happened, we had to commission a forensic probe, which is now under way. That is what accounted for the lag between us finding out and informing many of our stakeholders.”

Itac is a government agency that administers trade instruments and provides technical advice on trade policy to the department of trade, industry & competition. Part of its work involves administering the granting of trade permits. Itac also undertakes investigations around trade defence instruments to protect the local economy from subsidised imports and practices, including dumping. Itac also conducts investigations regarding the tariff book that informs the import duties associated with various product categories.

Data collected

As such, Itac holds data relating to both companies and individuals in its databases, as well as data pertaining to its internal operations, including personnel records and salaries. According to Cawe, this is the data that was exposed in the breach.

“A person applying for a permit to import a vehicle into the country, for example, would fill out a form which includes their personal details and details about the make, model and price of the vehicle. In the course of our investigative work, we collect information relating to the management accounts of various businesses – which includes information about sales volumes and wage books,” said Cawe.

Read: CIPC hack: customers urged to change passwords

The rise in the number of security breaches involving government entities in South Africa is a cause for concern. Itac joins the CIPC and the Government Employee Pension Fund on a growing list of public sector organisations that have been hacked this year.

According to Cawe, Itac still does not know how its servers were compromised in the first place; nor does it know how long the intruders had access to its systems.

Ayabonga Cawe

The public disclosure of the breach itself, Cawe said, pre-empts the conclusion of the forensic investigation, which is expected to give more information about what transpired. He did not say when the probe’s findings will be disclosed to the public. In the meantime, Itac customers have been advised to exercise security hygiene by changing their passwords and ensuring they do not use the same credentials to access any other online services.

“The assurance we want to give to those who have their information with us is that we have taken steps to fortify our environment and to make it much more secure,” said Cawe. – © 2024 NewsCentral Media

Get breaking news alerts from TechCentral on WhatsApp

Enhanced Investments, Inc.
329 South Oyster Bay Road #2085
Plainview, NY 11803
team@eninvs.com

Important disclosures

Performance results were prepared by Enhanced Investments, and have not been compiled, reviewed or audited by an independent accountant. Performance estimates are subject to future adjustment and revision. Investors should be aware that a loss of investment is possible. Account holdings are for illustrative purposes only and are not investment recommendations. Additional information, including (i) the calculation methodology; and (ii) a list showing the contribution of each holding to the portfolio’s performance during the time period will be provided upon request.
All statements made via social media sites sponsored or maintained by Enhanced Investments and its affiliates are for informational purposes only and do not constitute a comprehensive description of Enhanced Investments' investment advisory services.
Certain investments are not suitable for all investors. Before investing, consider your investment objectives and applicable fees. The rate of return on investments can vary widely over time, especially for long term investments. Investment losses are possible, including the potential loss of all amounts invested. Information provided by Enhanced Investments is for informational and general educational purposes only and is not investment or financial advice.

Nothing on this website should be considered an offer, solicitation of an offer, or advice to buy or sell securities.
Past performance is no guarantee of future results. Any historical returns, expected returns [or probability projections] are hypothetical in nature and may not reflect actual future performance.
All the strategies assume investments in equity invstrumenta only and are more relevant for "agressive investment profile". Eastern European flagship strategy assumes using up to 20% leverage of total portfolio. GlobalCommodities and US Growth strategy currently assume no leverage.
Results for the Enhanced Investments strategies as compared to the performance of Illustrative Benchmarks is for informational purposes only. Our investment program does not mirror that of the Illustrative Benchmarks and the volatility may be materially different from the volatility of Illustrative Benchmarks. Reference or comparison to an Illustrative Benchmark does not imply that strategies of Enhanced Investments will be constructed in the same way as the Illustrative Benchmark or achieve returns, volatility, or other results similar to those of the Illustrative Benchmark. The S&P 500 is an unmanaged market capitalization-weighted index of 500 common stocks chosen for market size, liquidity, and industry group representation to represent U.S. equity performance.
Performance results were prepared by Enhanced Investments, and have not been compiled, reviewed or audited by an independent accountant. Performance estimates are subject to future adjustment and revision. Investors should be aware that a loss of investment is possible. Account holdings are for illustrative purposes only and are not investment recommendations. Additional information, including (i) the calculation methodology; and (ii) a list showing the contribution of each holding to the portfolio’s performance during the time period will be provided upon request.
All statements made via social media sites sponsored or maintained by Enhanced Investments and its affiliates are for informational purposes only and do not constitute a comprehensive description of Enhanced Investments' investment advisory services.
Certain investments are not suitable for all investors. Before investing, consider your investment objectives and applicable fees. The rate of return on investments can vary widely over time, especially for long term investments. Investment losses are possible, including the potential loss of all amounts invested. Information provided by Enhanced Investments is for informational and general educational purposes only and is not investment or financial advice.