TiAuto Investments, the holding company of Tiger Wheel & Tyre, Tyres & More, and other businesses, has notified suppliers that it was hit with a ransomware attack on 28 December.
The company said it didn’t give in to extortion demands and is busy incrementally bringing its systems back online.
“TiAuto will never accede to paying nor engaging with criminals,” it stated.
It said that as a responsible corporate citizen, it was notifying anyone who might be impacted even though it doesn’t know whether the attackers exfiltrated any data during the breach.
“On the 28th of December 2023, our cyber security team detected suspicious activity within our internal systems,” the company said.
“The team took the proactive step of immediately disconnecting all servers, computers, POS devices, all domains and all Outlook and Microsoft interfaces in order to contain the attack.”
TiAuto said it immediately appointed a cyber security company to help its team neutralise the threat and determine if any data had been compromised.
“We are pleased to say that we have managed to contain the attack,” TiAuto said.
“We are in the process of bringing the systems back up incrementally, after a full analysis has been executed on every device and server in the group, including those where there are third party API links with third party suppliers or customers.”
TiAuto said its investigation was ongoing.
“Until we obtain a full forensic cyber audit report, we will be unable to fully and comprehensively determine the exact nature of any potential data breach,” it said.
“As at the date of this notification, we cannot confirm definitively if any customer data has been compromised, but as can be expected we are taking this matter extremely seriously and are taking all necessary steps to assess the situation thoroughly.”
TiAuto added that the specific data affected and any possible consequences are yet to be determined.
The company is also reporting the incident to the Information Regulator as required by the POPI Act.
TiAuto joins a growing list of South African businesses targeted by ransomware attacks and data extortion gangs.
This includes credit bureaus like TransUnion, which was the victim of an attack in March 2022 and has faced repeated attempts to extort it for the stolen data.
South Africa’s Department of Justice was hit by ransomware on 6 September 2021, taking down critical systems and bringing the Master’s Office to its knees.
The Information Regulator, an agency within the justice department, ordered its parent to take remedial action following the attack.
When the department failed to do so, the privacy watchdog slapped it with a R5 million administrative penalty. The department is now fighting the fine in court.
Incredible and HiFi Corp parent JD Group also suffered a data breach that resulted in stolen data being sold on a hacker forum.
MyBroadband contacted TiAuto for comment, but it did not respond by publication.