The Public Investment Corporation (PIC) website was hacked and defaced over the weekend, displaying the tag of a hacker who goes by “J4r” and claims to be “Gov’s attacker” from Morocco.
The PIC is a government investment fund, which the Democratic Alliance (DA) said in a statement on Sunday, 17 August 2014 has over R1 trillion in assets under management.
“[It] is a key driver for investment within the South African economy and is also responsible for managing funds acquired from public servants through the South African Government Employees Pension Fund (GEPF),” DA shadow minister of finance Dion George said.
George went on to say they will write to the Minister of Finance, Nhlanhla Nene, regarding the security breach.
In particular, the DA wants to know what measures have been taken to protect the integrity of information held by the PIC following the cyber-attack on its website.
“A hacker succeeded in breaching the PIC’s online security systems early this Sunday, disabling the website and potentially gaining unauthorised access to the organisation’s private information.”
It must be noted, however, that it is not common security practice (even in government) to host sensitive company information on the website’s server.
The PIC was contacted for comment but could not immediately answer questions on whether any private data was compromised during the hack.
The PIC has provided the following statement on the hack of its website.
The Public Investment Corporation strongly condemns the hacking of its website on the 17 August 2014 by some unscrupulous elements. This website is hosted externally with a reputable internet service provider (ISP), and therefore this event had no impact on the PIC’s internal ICT systems. We can confirm that no information that compromises the operations of the PIC has been acquired through this act. In an effort to curb such criminality, the PIC will open a criminal case with the South African Police Service (SAPS) to investigate this case further.