Statistics South Africa has confirmed that one of its internal systems was compromised in a cyberattack, after a hacking group demanded a $100,000 ransom in exchange for withholding allegedly stolen data.
The breach, which reportedly affected the agency’s human resources database, is the latest in a series of cyber-extortion incidents targeting South African public institutions.
According to the attackers, a total of 453,362 files amounting to 154GB of data were extracted from a Stats SA server.
The cybercrime group behind the breach, known as XP95, has threatened to release the full archive online unless payment is made by 20 April 2026.
Acting Deputy Director-General for Statistical Support and Informatics, Semakaleng Thulare, said the compromised system was limited to the online recruitment platform used by job seekers.
“The system that was breached is exclusively the HR system available for job seekers to apply online,” Thulare said.
The agency added that it is working within a broader government-led cybersecurity response and will formally notify the Information Regulator in line with legal procedures.
repeat attacks raise concern over public sector vulnerabilities
The incident comes shortly after the same hacking group allegedly targeted the Gauteng Provincial Government earlier this month.
That earlier breach reportedly involved more than 3.6 million files, totalling 3.8TB of data, which were allegedly offered for sale online for $25,000.
Cybersecurity observers say the rapid succession of attacks suggests growing vulnerabilities across government systems and highlights the increasing sophistication of cyber-extortion operations.
XP95 is believed to be a newly emerged ransomware-style group that first appeared in March 2026.
Its name and visual branding appear to reference legacy Microsoft systems, combining elements of Windows XP and Windows 95 in a retro-style interface.
South Africa remains a frequent cybercrime target
The latest breach adds to mounting evidence that South Africa continues to be a major target for digital attacks.
According to a 2025 report cited by Surfshark, South Africa ranked 27th globally among the most breached countries.
The report found that 369,600 local accounts were compromised during 2025 alone.
More than 21,000 accounts were breached between April and June of that year, while cumulative personal data exposures since 2004 have exceeded 124.2 million records.
Analysts say repeated attacks on state institutions, combined with growing incidents in the private sector, point to persistent cybersecurity gaps that require urgent policy and infrastructure upgrades.
The Stats SA breach is expected to intensify pressure on public institutions to strengthen data protection, improve incident response systems, and accelerate investment in cyber resilience.
Source: MyBroadband
