CIPC hack, the perfect threat example

Image created using Ai. Marcus Moloko

What lingers after a cyber attack is the magnitude of its repercussions for the organization.

The South African Companies and Intellectual Property Commission (CIPC) was compromised recently. We look at the repercussions, such as compromised registration details, which exposed millions of companies to fraud and identity theft risks.

Richard Frost, Head of Consulting at Armata, helps us look at how some sensitive data shouldn’t be in public hands, especially if it was retrieved under dubious circumstances.

It’s clear that the CIPC hack has serious consequences for South African companies, as it highlights a lack of visibility in terms of security.

The CIPC holds registration details of companies, co-operatives and intellectual property rights within a vast database that has ID numbers, addresses, contact information and more.

“The CIPC site does allow for organisations and individuals to verify a company using basic information such as the registration number, but the moment you get real information about Directors such as their ID and where they live, there is ample opportunity for fraud and identity theft,” he says.

“For example, using a company’s registration and Director information, criminals can place an order for laptops with fake banking information and a fake address. The firm providing those laptops will then chase the company for payment of an order it didn’t make. Then the company is liable for the costs, not the threat actor.”

Fraudsters can impersonate a director and use the information to email customers of a legitimate organisation, claiming the company has changed its bank account information.

They can provide customers and suppliers with CIPC data that verifies who they are and essentially siphon funds away from the business.

Customers will insist they have paid but the funds have actually gone to a fraudulent account.

As the extent of the hack emerges, companies need to remain on the alert for at least six to 12 months.

The danger here is that many companies won’t realize they’ve been targeted until an incident is flagged.

This can cost any company significantly in terms of reputational damage.

“Companies, whether they are large enterprises or solopreneurs, need to stay close to TransUnion and Experian right now,” says Frost.

“You need to see who is opening up accounts in your name. For larger organisations, it’s worth taking a leaf out of the financial institution playbook and creating digitally stamped documents to prove that any request or purchase is coming from a legitimate company. Most importantly, though, for companies of all sizes, is to stay close to the credit bureaus so you can quickly catch any unusual activity.”

The message is clear: if a caller says they’re from a fraud division, instead of paying or providing personal information, suggest calling them back first.

A financial hack can leave people financially destitute, and there is limited legal and government legislation in place for protection.

The landscape is changing but the rule remains: prevention is always better than cure, and the best possible practice is to always stay vigilant.
