South Africa is facing an unrelenting wave of cyber incidents, with data breaches hitting record levels and even well-resourced institutions falling victim. This week's update focuses exclusively on local developments as the country cements its position as Africa's most targeted nation for cyberattacks.
Alarming Statistics: Breaches Every Three Hours
Data breaches in South Africa continue at a staggering pace — approximately one every three hours — with an estimated 90% considered preventable through basic security measures.
The Information Regulator has raised serious concerns after receiving 788 data breach notifications in the first quarter of 2026 alone (January to March). This reflects a sharp ongoing increase, with monthly averages climbing toward 300 notifications in recent periods.
South African organisations experienced a 60% rise in data breaches during the first half of 2025, a trend that shows no signs of slowing. Nation-state actors are increasingly pre-positioning in critical infrastructure, while ransomware and data extortion groups remain highly active.
Cybercrime costs the economy an estimated R2.2 billion annually, with additional massive losses in sectors like telecommunications (R5.3 billion in fraud and cyber losses reported for 2025).
Major Incidents Making Headlines
-
Standard Bank and Liberty Group Breaches: In March 2026, Liberty (Standard Bank's insurance subsidiary) suffered unauthorised access to client data, including names and ID numbers. Shortly after, Standard Bank itself notified customers of a separate breach affecting personal information. The Information Regulator has launched an investigation into both incidents, focusing on whether adequate protective measures were in place.
-
Statistics South Africa (Stats SA) Ransomware Attack: The national statistics agency confirmed a breach of its HR database used by job seekers. The emerging group XP95 claims to have stolen 154GB of data (over 453,000 files), including personal details, CVs, and employment histories. A ransom of R1.7 million ($100,000) was demanded, with a deadline in April 2026. Stats SA has notified the Information Regulator and stated it will not pay.
-
Gauteng Provincial Government Targeted by XP95: Earlier, the same group allegedly exfiltrated 3.8TB of personal data, with samples leaked online and the full dataset reportedly offered for sale. This follows similar patterns of targeting government and public sector entities holding sensitive citizen information.
-
Rising Insider Threats: Nearly 46% of South African organisations surveyed reported an increase in malicious insider-driven data theft — higher than the global average. Organisations are experiencing an average of six insider incidents per month, with significant financial costs.
The Information Regulator continues to emphasise timely breach notifications and robust risk mitigation under POPIA. Expect increased scrutiny and potential enforcement actions following high-profile incidents.
Actionable Steps to Protect Yourself
Enable Strong Controls
Use hardware-backed or app-based multi-factor authentication everywhere. Avoid SMS-based MFA where possible.
Patch and Update Relentlessly
Many preventable breaches stem from unpatched systems. Prioritise critical vulnerabilities in banking apps, email systems, and government portals.
Beware of Social Engineering
With insider threats and data leaks rising, treat urgent requests for information or payments with suspicion. Verify independently.
For Businesses
Conduct regular insider threat assessments, map third-party risks, and test incident response plans. Report breaches promptly to the Information Regulator.
Personal Vigilance
Freeze your credit if concerned about identity exposure. Use unique, strong passwords via a manager, and consider credit monitoring services.
Stay Informed
Follow official sources like the Information Regulator, SABRIC, and trusted local cybersecurity outlets.
South Africa's cybersecurity challenges are deepening, but awareness and proactive defence can significantly reduce risk. Organisations and individuals who treat cybersecurity as a board-level and personal priority will fare better in this environment.
What aspect of local cyber threats would you like covered in more depth next week — banking security, government breaches, or scam prevention tips? Share your thoughts.
This weekly South Africa-focused update is based on publicly reported incidents and aims to raise awareness. Always cross-check with official statements and consult professionals for specific advice.