(Witthaya Prasongsin/ Getty Images)
- The GEPF says a ransomware attack on its administrator on 16 February has compromised its data.
- The LockBit ransomware group has allegedly claimed responsibility for the attack.
- The GEPF says pension payments have not been affected, but it is consulting with its administrator and National Treasury to establish the impact of the reported data leak.
- For more financial news, go to the News24 Business front page.
The Government Employees Pension Fund (GEPF) says its data has purportedly been compromised in a ransomware attack on its administrator, the Government Pensions Administration Agency (GPAA).
The GEPF, which manages the retirement savings of approximately 1.27 million public servants and more than 473 000 pensioners and other beneficiaries, said it was first notified on 16 February of an attempt to gain access to the systems of the GPAA by unknown individuals.
Though it was initially informed by GPAA that no data breach had occurred the administrator later established that data had been compromised in a ransomware attack by a group known as LockBit.
“The GEPF has been informed by GPAA that preliminary investigations have found that certain GPAA systems were compromised,” the fund said in an emailed statement on Tuesday, a day after certain GPAA data was leaked by LockBit.
“The GEPF is extremely concerned with this alleged security breach.”
The GPAA is investigating the apparent data breach and whether it will impact the GEPF though pension payments have not been affected. The GEPF statement said the ransomware attack by LockBit included “shutting down” all systems to isolate affected areas.
Preventative action has since been taken by the GPAA, the statement added.
“The GEPF is engaging with the GPAA and its oversight authority, the National Treasury to establish the veracity and impact of the reported data breach and will provide a further update in due course,” the fund said. “Until the facts have been adequately established, the GEPF is unable to comment further on the matter.”
Mybroadband reported on 21 February that an unauthorised party had tried to gain access to GEPF systems and cited an anonymous source as saying the fund had not made any pension payouts since 12 February. The tech-focused news site also cited a notice on the GEPF website at the time as saying there had been an unauthorised attempt to gain access to its systems on 16 February though the notice said payments had not been affected.
Various social media and other tech-related websites such as The Record reported on Tuesday that LockBit had claimed responsiblity for the ransomware attack on the GPAA. Wikipedia describes LockBit as a cybercriminal group that was first noticed in September 2019, but which by 2023 was responsible for 44% of all ransomware incidents globally.
The GEPF website states that it had accumulated funds and reserves: R2.09 trillion as at 31 March 2021. The defined benefit fund was founded in 1996, when various public sector pension funds were consolidated.