Security experts warn that this information could be exploited by criminals in a variety of ways.
"The lack of clarity about what kind of data was stolen is a major worry," said Richard Frost, head of consulting at Armata. "Some of this information should never be publicly available, let alone in the hands of hackers."
Frost highlights the vulnerability of directors' personal details, such as ID numbers and home addresses. This information could be used to impersonate directors and place fraudulent orders with stolen banking information.
Businesses would then unknowingly incur the costs associated with these fake purchases.
Beyond impersonation, fraudsters could also use the stolen data to target a company's customers and suppliers. Phishing emails, for instance, could appear more legitimate by referencing verified CIPC information, tricking victims into sending payments to fraudulent accounts.
The long-term effects of this attack are concerning. Companies may not realise they've been targeted until significant damage occurs, leading to financial losses, reputational harm, and even customer defection.
"Companies of all sizes need to be extra vigilant right now," Frost advised. "Staying informed through credit bureaus like TransUnion and Experian is crucial to identify attempts to open accounts in your name."
Larger organisations can implement additional security measures, such as digitally stamped documents for purchase confirmations. Open communication with customers is also vital.
Companies should proactively alert them about the potential risks and emphasise confirmation procedures for any changes in financial interactions.
"Every single South African company should be contacting their customers," Frost concluded. "Highlight the risks, explain preventive measures, and encourage them to verify any suspicious requests."
Individuals are also urged to be cautious of unsolicited calls and emails. It's recommended to verify the legitimacy of any communication before providing personal information or making payments.
This cyberattack underscores the need for heightened awareness and vigilance across all sectors. While legal and governmental protections are evolving, proactive measures are essential to avoid financial ruin and lengthy legal battles.
