A cybercrime group has infiltrated one of Statistics South Africa's (StatsSA) databases and stolen 154 GB of data. In total, 453,362 data files were stolen.
The cybercrime group, named XP95, is now demanding a ransom of $100,000 (or R1.7 million) from StatsSA, or the stolen data will be leaked to the public. The institution reportedly has until 20 April to make the payment.
StatsSA, however, does not intend to pay the ransom.
Semakaleng Thulare, acting deputy director-general of statistical support and informatics at the institution, told Maroela Media on Monday that StatsSA is regulated by the Public Finance Management Act.
“We are therefore restricted by legislation from, for example, paying a ransom.”
StatsSA is nevertheless aware of a cybersecurity breach, Thulare confirmed on Monday.
According to Thulare, only one database, the agency's human resources database, was affected by the cybersecurity breach.
“The system that was infiltrated was exclusively the human resources system that is available for job seekers to apply online,” Thulare explained. “The national statistics office is part of a broader government response to matters relating to cybersecurity breaches.”
Thulare says StatsSA will therefore notify the information regulator and be guided by its processes.
This is the second time this month that the XP95 cybercrime group has targeted a state entity.
Earlier this month the group also infiltrated the Gauteng provincial government's systems. The group then stole 3.8 TB of people's personal data from the provincial government's servers and offered it for sale at R400,000.
VECERT Analyzer, a cyber threat intelligence platform, says, however, that the latest attack compromises the integrity of the country's central database of census, economic and social indicators.
Data Theft at Statistics South Africa (Stats SA)
Analyzer has detected a new mass extortion operation carried out by the XP95 actor, this time targeting Statistics South Africa, the country's national statistics agency. The attack compromises the integrity of the… pic.twitter.com/vIVAtbWMiU
— VECERT Analyzer (@VECERTRadar) March 29, 2026
Facts Only
A cybercrime group named XP95 infiltrated a Statistics South Africa (StatsSA) database.
154 GB of data, comprising 453,362 files, was stolen.
XP95 is demanding a $100,000 ransom, with a deadline of April 20.
StatsSA is regulated by the Public Finance Management Act and will not pay the ransom.
The breach affected only the agency's human resources database, used for online job applications.
This is the second attack by XP95 in April, following a breach of the Gauteng provincial government's systems.
In the Gauteng attack, 3.8 TB of personal data was stolen and offered for sale at R400,000.
StatsSA has confirmed the security breach and will notify the information regulator.
External analysts suggest the attack may compromise the integrity of South Africa's central statistical database.
Executive Summary
Full Take
The strongest version of this narrative highlights a growing trend of cyber extortion targeting government institutions, with XP95 demonstrating a pattern of aggression against South African entities. The article presents a clear timeline and verifiable facts, avoiding overt emotional manipulation. However, the framing of the breach's impact is ambiguous—StatsSA downplays the severity by limiting it to HR data, while external analysts suggest broader implications for national statistical integrity. This tension could reflect a motte-and-bailey tactic, where the official stance minimizes risk while critics amplify it.
Root cause: The narrative assumes government institutions are inherently vulnerable due to regulatory constraints (e.g., inability to pay ransoms) and outdated cybersecurity measures. It echoes historical patterns of state actors and criminals exploiting institutional weaknesses, particularly in regions with underfunded digital infrastructure.
Implications: The attack undermines public trust in data security, potentially deterring citizens from engaging with government services. Second-order consequences include reputational damage to StatsSA and increased scrutiny of South Africa's cybersecurity policies. The financial burden of recovery will likely fall on taxpayers, while the perpetrators remain unaccountable.
Bridge questions: How might the government's refusal to pay ransoms influence future cyberattack strategies? What systemic vulnerabilities enable repeated breaches of this nature? Would a coordinated national cybersecurity framework mitigate these risks, or is this a symptom of deeper governance failures?
Counterstrike scan: A bad actor pushing this narrative might aim to erode confidence in government institutions, framing them as incompetent or corrupt. The actual content does not fully align with this pattern, as it presents both official responses and external critiques without overt bias. However, the emphasis on the ransom demand and potential data leaks could be weaponized to fuel public anxiety.
Patterns detected: ARC-0043 Motte-and-Bailey (official vs. external framing of breach severity).
Sentinel — Human
The article shows strong signs of human authorship, with natural language irregularities, specific sourcing, and cultural context unlikely to be generated by AI.
