Hanno Labuschagne

Staff member
Sep 2, 2019
CIPC records breached

The Companies and Intellectual Property Commission (CIPC) has revealed it suffered a security breach leading to the compromise of its clients' and employees' personal information.

The CIPC, which is part of the Department of Trade, Industry, and Competition, put a notice on its website about the incident on Thursday, 29 February 2024.
Unfortunately, certain personal information of our clients and CIPC employees was unlawfully accessed and exposed. CIPC clients are urged to be vigilant in the monitoring of credit card transactions and ONLY approve/authorise known and valid transaction requests. The extent of the exposure is being investigated and will be communicated as soon as possible.

Great. /s

I was wondering why CIPC was so dead-ass slow most of last month.
CIPC publishes personal details in any case. Is that not against POPIA?
Credit card information doesn't even need to be stored as it can be tokenised.
Under best practice of course. Does it sound like best practice if they're concerned about it? Also, CIPC has a rather unique hook into government, credit and third party data. For verification of things like directors it authenticates you by querying things like your mother or father and their personal information so who knows the extent...
A complaint should be made to the payment platform as well. If they allow hosts to store customer card information unencrypted and does not take action, they are just as guilty as the hackers stealing the data. Any good lawyer can argue that in civil claims court.
I'm just here thinking that really the CIPC information is too hard to access vs other countries.
SA isn't even on opencorporates!
CIPC publishes personal details in any case. Is that not against POPIA?
Nope. Directors' personal information is public. The dissemination of this info is fair use, there is a logical reason for it.