A relatively unknown hacker group, XP95, has claimed responsibility on Telegram for hacking Statistics South Africa (Stats SA), South Africa’s national statistics agency. Semakaleng Thulare, the agency’s acting deputy director-general for statistical support and informatics, confirmed that it was aware of the breach.
The group, whose name XP95 appears to draw inspiration from two older Microsoft operating systems, Windows XP and Windows 95, reportedly collected about 154GB of data, or some 453,362 files, in the breach. and is demanding $100,000 from the South African government to prevent the data from being publicly exposed. Although XP95 is still relatively unknown, it has begun gaining attention in cybersecurity circles for its alleged involvement in recent cyberattacks.
For one, this is not the first time XP95 has been linked to such an incident. The group previously claimed it breached the Gauteng City Region Academy, an entity under the Gauteng Provincial Government, where it allegedly accessed about 3.8TB of data across 3.6 million files. The data was later offered for sale online for about $25,000.
This current situation, however, is concerning because Statistics South Africa plays a vital role in South Africa’s data infrastructure. The agency collects data that measures economic and social welfare, including unemployment figures, population data, and inflation statistics. But in response, Stats SA said that, “the system that was breached is exclusively the HR system available for jobseekers to apply online.”
It added that "the national statistics office is part of a wider government response to matters dealing with cybersecurity breaches. Stats SA will not pay any ransom. Deployment of state financial resources is done in line with PFMA [Public Finance Management Act]. Stats SA will notify the Information Regulator and will be guided by their processes.”
Ogbonda Chivumnovu
