The cyberattack was perpetrated by a cybercrime group known as XP95.
South Africa’s statistics agency, Stats SA, has fallen victim to a data breach affecting one of its departments, the agency confirmed.
It is believed that the cyberattack was perpetrated by a cybercrime group known as XP95, which breached the Gauteng Provincial Government earlier this month.
The breach included 3,673,556 individual files, totalling 3.8 TB of data, which was on the market for $25 000 (R429,000).
Cyber-attack
In the latest attack, the hackers claim to have stolen 453,362 files totalling 154 GB of data from an unspecified Stats SA server.
The cyber-extortionists have demanded a ransom payment of $100,000 (R1.7 million) to prevent the public release of the stolen data.
Stats SA said it was aware of the data breach affecting the human resources database.
“The system that was breached is exclusively the HR system available for job seekers to apply online,” said Semakaleng Thulare, the acting DDG of Statistical Support and Informatics at the agency.
“The national statistics office is part of a wider government response to matters dealing with cybersecurity breaches.”
ALSO READ: Data breaches cost SA organisations over R360m in 3 years
XP95
Stats SA said it will notify the information regulator and will be “guided by their processes.”
XP95 has set a 20 April 2026 deadline for the payment, after which the group threatens to leak the full Stats SA archive online, according to MyBroadband.
The XP95 group is a relatively new actor in the cyber-extortion space, having first emerged in March 2026 with a unique interface that mimics legacy Microsoft Windows operating systems.
From the site design, it appears that the group’s name is an amalgamation of two old versions of Microsoft’s operating system: Windows XP and Windows 95.
Cybercriminals
In 2025, The Citizen reported that South Africa continued to be a target of cybercriminals, ranking 27th globally in the most breached countries, highlighting persistent cybersecurity gaps.
The report by Surfshark revealed that in 2025, a total of 369 600 accounts were leaked in the country.
Surfshark’s report indicates that more than 21 000 South African accounts were breached between April and June, which translates to approximately three per 100 000 people.
In total, South Africa has had a total of 124.2 million personal records exposed since 2004. On average, each email is breached with 2.9 additional data points.
ALSO READ: Cyber Month: Scammers ‘hacking kindness’ – AI and ubuntu used for fraud
Support Local Journalism
Add The Citizen as a Preferred Source on Google and follow us on Google News to see more of our trusted reporting in Google News and Top Stories.
#Stats #hit #cyberattack #hackers #demand #ransom #stolen #data
