south africa international The International Trade Administration Commission (Itac) said the reason the organization waited three months to inform stakeholders of the security breach of its on-premises servers was because the organization initially lacked information (including the scope of the breach) and that it was likely that there was a serious problem. He said this was because there was a high possibility that the incident had occurred. Panic”.
ITAC Chief Commissioner Ayabonga Kau told TechCentral in an interview on Friday that the trade commission chose to follow all legal and regulatory procedures while getting to the bottom of the matter before going public. .
The Sunday Times reported over the weekend that Donald McKay, CEO of XA Global Trade Advisors, said the client, importer/exporter whose personal information Itac held, had suffered a security breach. He said he is wary of the time that has passed. happened.
“We became aware of this breach in early January and subsequently had to initiate a series of disclosures to law enforcement and intelligence regulators,” Cawe said.
“We were operating on incomplete information about what happened, so we had to commission a forensic investigation, which is currently underway. This was the reason for the delay in notifying the concerned parties.
Itac is a government agency that manages trade instruments and provides technical advice on trade policy to the trade, industry and competition sector. Part of its duties include managing the granting of trade licenses. Itac is also working on research on trade defense measures to protect local economies from practices such as subsidized imports and dumping. Itac also conducts research on customs registers that inform import duties related to various product categories.
Data collected
Therefore, Itac stores data related to both companies and individuals, as well as data related to internal operations such as personnel records and payroll. According to Cawe, this is the data exposed in the breach.
“For example, a person applying for a permit to import a car into a country will fill out a form containing personal information and details such as the make, model and price of the car. In the course of our investigative work, we “We collect information on the management accounts of various companies, including information on sales and wage ledgers,” Kau said.
Read: CIPC hack: Urge customers to change their passwords
The increasing number of security breaches involving South African government agencies is a cause for concern. Itac joins the growing list of public sector organizations hacked this year, along with CIPC and the Civil Service Pension Fund.
Cawe said Itac still doesn't know how its servers were compromised in the first place. You also don't know how long the intruder had access to your system.
Kaw said public disclosure of the breach itself would pre-empt the conclusion of a forensic investigation that is expected to yield more information about what happened. He did not say when the findings would be made available to the public. In the meantime, Itac customers are encouraged to practice good security hygiene by changing their passwords and not using the same credentials to access other online services.
“What we want to assure those with information is that we are taking steps to harden the environment and make it safer,” Kaw said. – © 2024 News Central Media
