SARS Denies Breach Claims Amid Rising Data Leaks in South Africa
SARS denied breach rumors after social media claims, while Standard Bank confirmed a client‑data leak and Surfshark ranked South Africa 42nd globally for breaches in Q1. Details and mitigations inside.

TL;DR
SARS denied any breach of its systems after social media rumors, while Standard Bank confirmed a client‑data leak last month and Surfshark ranks South Africa 42nd globally for breaches in Q1.
Context
Over the weekend, unverified posts claimed that the South African Revenue Service (SARS) and the State Information Technology Agency (SITA) had been hacked. SARS responded today, stating its continuous monitoring found no evidence of intrusion and that a thorough investigation showed the allegations lack proof. The agency urged the public to verify information before sharing.
Key Facts
- SARS said claims of a breach are false and lack evidence.
- Standard Bank disclosed a breach last month that exposed client personal identifiers but affirmed its core banking platforms remained untouched.
- Liberty Group, a Standard Bank subsidiary, reported a related incident exposing customer data, prompting forensic review.
- Statistics South Africa reported a cyber incident affecting internal HR systems.
- Polmed, the medical aid for police officers, warned of a potential breach involving sensitive member data.
- According to Surfshark’s Q1 analysis, South Africa ranks as the 42nd most breached country worldwide.
What It Means
The cluster of incidents highlights a broadening threat surface across finance, government, and health sectors in South Africa. Attackers appear to be exploiting credential‑based access and possibly phishing to reach personal data stores, while critical transactional systems stay protected through segmentation. The Surfshark ranking places the nation in the middle tier of global breach frequency, indicating room for improvement in detection and response capabilities.
Mitigations
Security teams should enforce multi‑factor authentication on all remote and privileged accounts (MITRE ATT&CK T1078). Deploy email security gateways to block phishing links (T1566) and monitor for abnormal login patterns using SIEM rules that flag impossible travel or new device registrations. Ensure patch management covers known vulnerabilities in web applications and VPNs; although no specific CVE was disclosed for these events, prioritizing CVE‑2023‑28252 (a common Apache Log4j variant) and similar flaws reduces exploit windows. Apply network segmentation to separate customer‑facing portals from core banking and HR databases, and conduct regular red‑team exercises focused on credential theft and lateral movement.
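The paragraph above recommends SIEM rules for impossible travel and new device registrations. The following script is an added example, not code from the article or from any of the organisations it names: it runs those two checks over a handful of constructed login records. The log format (timestamp, user, city, device fingerprint), the field names, the city coordinate table and the 900 km/h plausibility threshold are all assumptions made for illustration; a real deployment would take these from the identity provider's sign-in logs and a geolocation source.

```python
"""Impossible-travel and new-device detection over constructed login records.

Added example (not from the article). The log layout, field names,
coordinate table and speed threshold are assumptions for illustration.
"""
import math
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample events (assumed format):
#   <ISO-8601 UTC timestamp> <user> <source city> <device fingerprint>
SAMPLE_LOG = """\
2024-05-01T08:00:00Z alice johannesburg dev-a1
2024-05-01T08:45:00Z alice capetown dev-a1
2024-05-01T09:10:00Z bob pretoria dev-b7
2024-05-01T12:00:00Z alice johannesburg dev-z9
2024-05-01T13:00:00Z bob pretoria dev-b7
"""

# Approximate (latitude, longitude) per city; assumed values for the example.
CITY_COORDS = {
    "johannesburg": (-26.2041, 28.0473),
    "capetown": (-33.9249, 18.4241),
    "pretoria": (-25.7479, 28.2293),
}

# Anything faster than a commercial flight is treated as impossible travel.
MAX_PLAUSIBLE_KMH = 900.0


def haversine_km(a, b):
    """Great-circle distance in kilometres between two (lat, lon) pairs."""
    lat1, lon1 = map(math.radians, a)
    lat2, lon2 = map(math.radians, b)
    dlat, dlon = lat2 - lat1, lon2 - lon1
    h = math.sin(dlat / 2) ** 2 + math.cos(lat1) * math.cos(lat2) * math.sin(dlon / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(h))


def parse_events(text):
    """Parse the assumed log layout into dicts, sorted by timestamp."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, city, device = line.split()
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append({"ts": when, "user": user, "city": city, "device": device})
    events.sort(key=lambda e: e["ts"])
    return events


def detect(events):
    """Return alerts for new devices and physically implausible travel per user."""
    alerts = []
    last_seen = {}                  # user -> previous login event
    known_devices = defaultdict(set)  # user -> device fingerprints seen so far
    for e in events:
        user = e["user"]
        # A device never seen for this user before (after the first login) is flagged.
        if user in known_devices and e["device"] not in known_devices[user]:
            alerts.append({"type": "new_device", "user": user,
                           "device": e["device"], "ts": e["ts"]})
        known_devices[user].add(e["device"])

        prev = last_seen.get(user)
        if prev is not None and prev["city"] in CITY_COORDS and e["city"] in CITY_COORDS:
            hours = (e["ts"] - prev["ts"]).total_seconds() / 3600.0
            dist = haversine_km(CITY_COORDS[prev["city"]], CITY_COORDS[e["city"]])
            # Two cities at the same instant, or a speed above the ceiling, is implausible.
            if dist > 0 and (hours == 0 or dist / hours > MAX_PLAUSIBLE_KMH):
                alerts.append({"type": "impossible_travel", "user": user,
                               "from": prev["city"], "to": e["city"],
                               "kmh": dist / hours if hours else float("inf"),
                               "ts": e["ts"]})
        last_seen[user] = e
    return alerts


if __name__ == "__main__":
    for alert in detect(parse_events(SAMPLE_LOG)):
        print(alert)
```

On the sample data the script raises two alerts for `alice`: a Johannesburg-to-Cape-Town hop in 45 minutes (roughly 1,680 km/h) and a later login from the unseen fingerprint `dev-z9`; `bob` triggers nothing because both of his logins come from the same city on a known device. Tuning points for production use are the speed ceiling, a grace window for the first device seen per user, and suppressing travel alerts when the source is a known corporate VPN egress.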
Watch for official statements from SARS and SITA regarding any future monitoring updates, and for any regulatory guidance from South Africa’s Information Regulator following these disclosures.