12 March 2024

The Government Employees Pension Fund (GEPF) has noted the release of data purportedly from its administrator, the Government Pensions Administration Agency (GPAA) by the ransomware group LockBit.

The GEPF is extremely concerned with this alleged security breach, as it was informed by GPAA that no data breach had occurred when it was notified of an attempt to gain access to GPAA systems by unknown individuals on the 16 February 2024. The GPAA subsequently established that this was an attempt by the ransomware group LockBit.

This morning, 12 March 2024, following the release of certain GPAA data by LockBit on 11 March 2024, the GEPF has been informed by GPAA that preliminary investigations has found that the certain GPAA systems were compromised. The GPAA is investigating the alleged data breach and whether this impacts the GEPF.

GPAA has reconfirmed that preventative action was taken when it became aware of the attempted access to its systems which included “shutting down” all systems to isolate affected areas. GPAA further confirmed that pension payments are not affected.

The GEPF is engaging with the GPAA and its oversight authority, the National Treasury to establish the veracity and impact of the reported data breach and will provide a further update in due course. Until the facts have been adequately established, the GEPF is unable to comment further on the matter.

Issued by:

Government Employees Pension Fund
For more information, please contact:

Matau Molapo
012 424 7315