An “unknown third party” gained access to Nampak’s IT systems last week. (Witthaya Prasongsin/Getty Images)
The Nampak packaging group notified shareholders that an “unknown third party” had gained access to company IT systems last week.
Nampak made the voluntary announcement about a breach of its IT systems on 20 March, shortly before the close of business on Tuesday.
“On 20 March 2024, Nampak detected unauthorised activity on its IT systems. An unknown third party gained access to its IT systems, notwithstanding the company’s robust and embedded security protocols,” the statement said.
Nampak said it was still in the process of determining the scope of the compromise and said that it immediately took steps to contain and remediate the incident.
It said that the breach has not affected manufacturing facilities and that its operations are continuing as normal.
However, the company also admitted that it had to switch over its backup manual compensating controls.
Nampak said that the company has already notified the Information Regulator, the body charged with enforcing the Protection of Personal Information Act, about the breach.
This is the latest high-profile South African breach announced this year, with the Government Employee Pension Fund, and the Companies And Intellectual Property Commission amongst the entities that have reported breaches this year.
By the start of March, the Information Regulator told News24 that it had already received 224 security breach notifications from the start of the year.
A spokesperson said this was double than in the same period the year before.
