{"id":645345,"date":"2026-05-05T12:21:43","date_gmt":"2026-05-05T10:21:43","guid":{"rendered":"https:\/\/mybroadband.co.za\/news\/?p=645345"},"modified":"2026-05-05T12:52:32","modified_gmt":"2026-05-05T10:52:32","slug":"company-behind-every-product-barcode-in-south-africa-denies-it-suffered-a-data-breach","status":"publish","type":"post","link":"https:\/\/mybroadband.co.za\/news\/security\/645345-company-behind-every-product-barcode-in-south-africa-denies-it-suffered-a-data-breach.html","title":{"rendered":"Company behind every product barcode in South Africa denies it suffered a data breach"},"content":{"rendered":"\n<p>Ransomware gang Stormous has claimed that it breached GS1 South Africa, also known as the Consumer Goods Council of South Africa (CGCSA). However, the company said the claim was false.<\/p>\n\n\n\n<p>Stormous said it stole a large amount of sensitive customer, staff, and executive data and gained full access to the SharePoint server that contains South Africa\u2019s GS1 barcode database.<\/p>\n\n\n\n<p>GS1 is the barcode standard that gives products sold in South Africa unique identifiers that can be scanned at point-of-sale machines. Such barcodes must be registered to ensure uniqueness.<\/p>\n\n\n\n<p>GS1 is also a company, and South Africa\u2019s only registered barcode supplier. \u201cWe invented the GTIN and innovate barcodes globally,\u201d it said.<\/p>\n\n\n\n<p>The CGCSA is an industry association representing over 9,000 member companies in the consumer goods, retail, and services sectors, which is one of the largest employers in South Africa.<\/p>\n\n\n\n<p>Its barcodes are used not only in retail, but also in healthcare, transport, and logistics. Its partners include all of South Africa\u2019s major retailers and food brands, as well as Netcare, Google, and Facebook.<\/p>\n\n\n\n<p>Stormous said the exfiltrated data included corporate information such as names, emails, phone numbers, financial accounting records, and sales order reports.<\/p>\n\n\n\n<p>Stormous also claimed to have gained access to one of GS1 South Africa\u2019s SQL servers and Sage 200 Evolution SQL.<\/p>\n\n\n\n<p>This included its full Sage 200 Evolution backups, including all transaction history, tax records, and payroll.<\/p>\n\n\n\n<p>Stormous said it obtained operational security data, as well as CRM and legal archives with over 151,000 sensitive documents, contracts, and internal communications.<\/p>\n\n\n\n<p>In addition, the group said it gained full access to GS1 South Africa SharePoint, including GDSN protocols and partnership data with several high-profile clients.<\/p>\n\n\n\n<p>The breach also allegedly included a complete compromise of the personally identifying information of administrative and executive staff, including private emails and mobile numbers.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">GS1 South Africa said attack failed<\/h2>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1200\" height=\"675\" src=\"https:\/\/mybroadband.co.za\/news\/wp-content\/uploads\/2026\/05\/Zinhle-Tyikwe-GS1-CGCSA.jpg\" alt=\"\" class=\"wp-image-645350\" srcset=\"https:\/\/mybroadband.co.za\/news\/wp-content\/uploads\/2026\/05\/Zinhle-Tyikwe-GS1-CGCSA.jpg 1200w, https:\/\/mybroadband.co.za\/news\/wp-content\/uploads\/2026\/05\/Zinhle-Tyikwe-GS1-CGCSA-600x338.jpg 600w, https:\/\/mybroadband.co.za\/news\/wp-content\/uploads\/2026\/05\/Zinhle-Tyikwe-GS1-CGCSA-768x432.jpg 768w\" sizes=\"(max-width: 1200px) 100vw, 1200px\" \/><figcaption class=\"wp-element-caption\">Zinhle Tyikwe, CEO of the The Consumer Goods Council of South Africa (CGCSA)<\/figcaption><\/figure>\n\n\n\n<p>Contacted for comment about the reports of a breach at the CGCSA, GS1 South Africa told MyBroadband that the claims Stormous reportedly made were false.<\/p>\n\n\n\n<p>\u201cThere was an attempted malicious intrusion, which was detected and contained, and it did not result in unauthorised access, data exfiltration, or operational compromise,\u201d a spokesperson said.<\/p>\n\n\n\n<p>\u201cOur security controls and monitoring mechanisms functioned as designed, preventing access to internal systems and sensitive information.\u201d<\/p>\n\n\n\n<p>GS1 South Africa stated that there was neither evidence of a ransomware attack on its system nor of data exfiltration, and business operations have continued without disruption.<\/p>\n\n\n\n<p>\u201cWe note the highly detailed and speculative nature of the information presented in your enquiry,\u201d the spokesperson said.<\/p>\n\n\n\n<p>\u201cThis level of detail is consistent with a malicious and deliberate attempt to create alarm or lend credibility to unsubstantiated claims, rather than reflecting an actual compromise of our systems.\u201d<\/p>\n\n\n\n<p>GS1 South Africa said it remained vigilant and proactive in managing cybersecurity risks, immediately investigating and responding to potential threats.<\/p>\n\n\n\n<p>\u201cWhere appropriate, we cooperate fully with relevant stakeholders and authorities, in line with best practice and regulatory expectations,\u201d it assured.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Questions about Stormous<\/h2>\n\n\n\n<figure class=\"wp-block-image size-full\"><a  data-lightbox=\"post-image\" href=\"https:\/\/mybroadband.co.za\/news\/wp-content\/uploads\/2026\/05\/Stormous-CGCSA-leak.jpg\"><img loading=\"lazy\" decoding=\"async\" width=\"1600\" height=\"800\" src=\"https:\/\/mybroadband.co.za\/news\/wp-content\/uploads\/2026\/05\/Stormous-CGCSA-leak.jpg\" alt=\"\" class=\"wp-image-645363\" srcset=\"https:\/\/mybroadband.co.za\/news\/wp-content\/uploads\/2026\/05\/Stormous-CGCSA-leak.jpg 1600w, https:\/\/mybroadband.co.za\/news\/wp-content\/uploads\/2026\/05\/Stormous-CGCSA-leak-600x300.jpg 600w, https:\/\/mybroadband.co.za\/news\/wp-content\/uploads\/2026\/05\/Stormous-CGCSA-leak-1200x600.jpg 1200w, https:\/\/mybroadband.co.za\/news\/wp-content\/uploads\/2026\/05\/Stormous-CGCSA-leak-768x384.jpg 768w, https:\/\/mybroadband.co.za\/news\/wp-content\/uploads\/2026\/05\/Stormous-CGCSA-leak-1536x768.jpg 1536w\" sizes=\"(max-width: 1600px) 100vw, 1600px\" \/><\/a><figcaption class=\"wp-element-caption\">Stormous&#8217;s claim of a data breach against CGCSA. Source: <a href=\"https:\/\/darknotify.com\/\" target=\"_blank\" rel=\"noopener\">DarkNotify<\/a><\/figcaption><\/figure>\n\n\n\n<p>Ransomware.live reported that Stormous was an Arabic-speaking, pro-Russian ransomware and hacktivist group active since at least 2022.<\/p>\n\n\n\n<p>Stormous was known for politically motivated attacks across over 15 countries. It collaborated with GhostSec on the GhostLocker 2.0 RaaS platform and inherited GhostSec\u2019s RaaS operations in mid-2024.<\/p>\n\n\n\n<p>The group previously had a reputation for making exaggerated or outright false claims, raising questions about whether Stormous was actually a scamming operation, rather than a ransomware gang.<\/p>\n\n\n\n<p>In 2023, SOCRadar <a href=\"https:\/\/socradar.io\/blog\/who-is-stormous-ransomware-group\/\">reported<\/a> that some of the data Stormous claimed to have stolen was found to be fake, raising doubts about the legitimacy of their claims and intrusions.<\/p>\n\n\n\n<p>However, its partnership with GhostSec in 2024 put Stormous back on the map and repaired some of the group\u2019s damaged reputation.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Ransomware gang Stormous has claimed that it breached GS1 South Africa, which also trades as the Consumer Goods Council of South Africa (CGCSA). However, the company said the claim was false.<\/p>\n","protected":false},"author":15,"featured_media":645347,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[27],"tags":[70692,105016,98694,105017],"class_list":["post-645345","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","tag-consumer-goods-council-of-south-africa-cgcsa","tag-gs1-south-africa","tag-gs1za","tag-stormous"],"_links":{"self":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/645345"}],"collection":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/users\/15"}],"replies":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/comments?post=645345"}],"version-history":[{"count":4,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/645345\/revisions"}],"predecessor-version":[{"id":645364,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/645345\/revisions\/645364"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media\/645347"}],"wp:attachment":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media?parent=645345"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/categories?post=645345"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/tags?post=645345"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}