The deadline

Cybercrime group XP95 has given Statistics South Africa until 20 April to pay a $100,000 ransom, roughly R1.7 million at current exchange rates. If the agency does not pay, the group says it will release 154 gigabytes of stolen data online.

Why it matters: the breach exposed the personal details of thousands of South Africans who applied for jobs through the Stats SA online portal, making them vulnerable to identity theft and fraud.

What was stolen

XP95 claimed responsibility for a ransomware attack on Stats SA’s human resources database in late March 2026. According to the group, the haul includes more than 450,000 files siphoned from a single server.

Stats SA confirmed the breach on 30 March and notified the Information Regulator. The agency said only the HR recruitment database was compromised, not the statistical data systems used for the census and economic surveys.

Why Stats SA will not pay

Stats SA has refused the ransom demand. The agency said any payment would violate the Public Finance Management Act, which governs how state bodies may spend public money.

Government policy is clear: no ransoms. The principle is that paying encourages further attacks. But the consequence is that affected job seekers have no guarantee their data will not be published.

The systemic problem

The Public Servants Association called the breach a symptom of chronic underinvestment in government cybersecurity. The PSA said multiple departments run outdated systems with inadequate protections and demanded an urgent overhaul of public sector digital infrastructure.

South Africa recorded R2.2 billion in cybercrime losses in 2025, according to the South African Banking Risk Information Centre. Government systems, often running legacy software with limited security budgets, are increasingly targeted.

What happens next

The 20 April deadline falls on Sunday. If XP95 follows through, the leaked data could appear on dark web forums within hours. Stats SA has advised anyone who applied for jobs through its portal to monitor their credit records and be alert to phishing attempts.