Question NW2538 to the Minister of Justice and Correctional Services
06 January 2022 - NW2538
Breytenbach, Adv G to ask the Minister of Justice and Correctional Services
(1) Whether the Information Regulator was informed immediately once it became apparent that the recent ransomware attack was launched on his Department’s Information and Communication Technology systems; if not, why not; if so, on what date was the Information Regulator informed of the recent ransomware attack; 2) whether he has found that his department co-operated fully with the Information Regulator’s investigation into the recent ransomware attack; if not, why not; if so, what are the relevant details; (3) whether his Department provided full details of the information that was breached to the Information Regulator; if not, what is the position in this regard; if so, what are the relevant details?
Reply:
1) The Department of Justice and Constitutional Development informed the Information Regulator as soon as it was confirmed that the Department has been affected by a ransomware attack.
2) The Department fully co-operated with the Information Regulator in terms of information sharing, guidance and their participation in the system restoration process.
3) As at 1 December 2021, the analysis and/or forensic investigation is still inconclusive in terms of the exact nature of the information that was sent outside of the Department as part of the breach. This information should present itself as part of the forensic investigation as expected to be conducted from the case that was opened with the South African Police Service. Therefore, the Information Regulator will be informed as soon as the information becomes available.