Stats SA confirms data breach, hackers demand R1.7 million ransom.

By Lehlohonolo Lehana.

With South Africa recently identified as ‘the most targeted African country for cybercrime’, Stats SA has confirmed that its systems have been breached.

Cybercrime group XP95 is claiming responsibility for the attack.

According to XP95’s dark web leak site, the hackers have stolen 453,362 files totaling 154 GB of data from an unspecified Stats SA server.

The cyber-extortionists have demanded a ransom payment of $100,000 (R1.7 million) to prevent the public release of the stolen data.

Given their claim that it was a ransomware attack, it is possible that they left the breached server encrypted and unusable.

Based on the samples of the exfiltrated data, the hackers obtained another trove of personally identifying information from what appears to be a human resources file server.

This is similar to the attack by the same group on the Gauteng Provincial Government, which saw terabytes of personal data from what appeared to be job seekers put up for sale.

Stats SA said it was aware of the data breach affecting the human resources database.

“The system that was breached is exclusively the HR system available for job seekers to apply online,” said Semakaleng Thulare, the acting DDG of Statistical Support and Informatics at the agency.

“The national statistics office is part of a wider government response to matters dealing with cybersecurity breaches.”

Stats SA said it will notify the information regulator and will be “guided by their processes.”

XP95 has set a 20 April 2026 deadline for the payment, after which the group threatens to leak the full Stats SA archive online.

South Africa remained a target of cybercriminals, ranking 27th globally among the most breached countries.

A report by Surfshark revealed that in 2025, a total of 369,600 accounts were leaked in the country.

Between April and June, more than 21,000 South African accounts were breached, approximately three per 100,000 people. In total, South Africa has had 124.2 million personal records exposed since 2004.
