Government5.12.2024

Government department hacked, R55 million lost

The Department of Public Works and Infrastructure (DPWI) accounting system suffered breaches in March, April, and November this year, with an estimated R55 million lost due to the attacks.

This is according to Carol Phiri, chairperson for the Portfolio Committee on Public Works and Infrastructure, who was scathing of the Sage financial system the department was using.

She said the breaches led to four employees being suspended. However, three have since returned to work.

“It is baffling that Sage gives you a problem to the point that you are unable to pay service providers on time because it has been hacked several times,” Phiri stated.

“With the hacking, you are losing funds, and yet you are still using this system.”

The Minister of Public Works and Infrastructure, Dean Macpherson, acknowledged the issue and said the Sage system was not fit for purpose and should never have been acquired in the first place.

Macpherson said the department should have worked with existing systems within National Treasury, or used off-the-shelf alternatives.

He described Sage as an albatross around the department’s neck, and said discontinuing its use as soon as possible would be to its benefit.

The department’s acting deputy director-general for governance risk and management, Lwazi Mahlangu, expressed caution in discussing these matters publicly, as they were still under investigation.

However, he assured the committee that steps were being taken to address the concerns.

He said that an Information and Communication Technology (ICT) steering committee was established specifically to tackle these security issues.

Mahlangu acknowledged that managing the department’s systems presented governance challenges but emphasised that the committee was working to resolve these issues.

He said a decision had been made to place ICT under administration within the department, with additional resources being allocated to oversee the functionality of these systems.

Additionally, certain criteria had been established for the use of these systems, including limiting the number of individuals who could access them.

A monitoring and detection system had also been deployed as part of the department’s efforts to improve security.

These measures were twofold: the introduction of monitoring systems to the current processes, and a complete overhaul of the system, which would take some time.

Mahlangu also explained that the preliminary investigation had led to some individuals being placed back into suspension, while others remained suspended.

He added that the investigation had pointed to further possible actions against some of the individuals identified in relation to the breaches.

Mahlangu reassured the committee that the department was fully aware of the issues at hand and was actively implementing internal controls and taking action where necessary.

He also suggested that further discussions with National Treasury might be needed to explore additional controls and collaborative measures.

Considering that several people were placed on suspension following the alleged breaches of the department’s Sage system, it is unclear what made the software “unfit for purpose”.

Based on the information before the committee, the breaches of the department’s financial systems were either due to human error or a criminal act.

MyBroadband contacted the department for further comment, but it did not respond by publication. It therefore remains unclear whether Sage is being used as a scapegoat for the department’s own failures.

Sage Africa and Middle East managing director Pieter Bensch told MyBroadband they were aware of the remarks made in the Parliamentary Portfolio Committee.

“We take these concerns seriously and are engaging with the department and relevant stakeholders to gather more information, investigate the issues raised, and understand the specific incidents mentioned as quickly as possible,” said Bensch.

“Ensuring the integrity and reliability of our solutions remains a top priority, and Sage continues to take all necessary steps to ensure compliance with all regulatory and government requirements to uphold the highest standards for our customers.”

Show comments

Latest news

More news

Trending news

Sign up to the MyBroadband newsletter