| Authority: | POPIA |
|---|---|
| Jurisdiction: | South Africa |
| Type: | Violation |
| Relevant law: | Protection of Personal Information Act, 2013 |
| Outcome: | N/A |
| Started: | N/A |
| Decided: | N/A |
| Published: | N/A |
| Fine: | N/A |
| Parties: | Regulator vs. Companies and Intellectual Property Commission (CIPC) |
| Case No.: | N/A |
| Appeal: | N/A |
| Original Source: | POPIA |
| Original contributor: | MZIZI Africa |
Contents
An investigation has commenced against Companies and Intellectual Property Commission (”CIPC”) for a breach of POPIA following a security compromise of their systems which exposed user data.
The Regulator has commenced its own-initiative investigation of the CIPC following the much-publicised security compromise of their systems.
Reports received by the Regulator indicate that the threat actors that breached the CIPC systems are still in the CIPC IT environment, and the CIPC systems remain compromised.
The Regulator will also review CIPC's organisational and technical measures for protecting personal information on whether the CIPC's business model facilitates the selling and buying of personal information in its possession.
The matter is pending investigations.
The ruling is not available but a press release by the Regulator is attached.
Hackers who breached South Africa’s companies database say it’s much worse than anyone knows