-
FILE | Two people on laptops against a green background.
Cybersecurity firm Cyber Sec Clinique has accused Statistics South Africa (Stats SA) of downplaying a data breach on its systems.
Stats SA on Sunday confirmed in a statement that its systems had been hacked by an emerging cybercrime group known as XP95.
According to the agency, the breach was limited to its HR database, which is used by job seekers when applying online.
According to the hackers’ dark web leak site, they have stolen over 400 000 files amounting to 154 gigabytes of data.
The cyber-extortionists have demanded a ransom payment of $100 000, about R1.7 million, to prevent the public release of the stolen data.
Cyber Sec Clinique CEO Doreen Mokoena says, “Stats SA did respond acknowledging the data breach, but it’s the characterisation of the data breach, they’re downplaying the breach and the impact.”
“The moment you look at those data sets, it’s an entire job application of an individual, so you take that and multiply it by six million people, that’s the amount of the data breach. tats SA is one of the biggest institutions that the country has trust in and for them to lose our data, it’s like they’re losing our national footprint.”
MEDIA STATEMENT || Stats SA responds to Cybersecurity breach.#StatsSA #KnowYourStatsZA #GovZAUpdates @GovernmentZA pic.twitter.com/b0HP3BaW9U
— Statistics South Africa (Stats SA) (@StatsSA) March 29, 2026
