South Africa’s statistics agency, Stats SA, has confirmed that its systems have been breached by a ransomware attack, marking the second major government breach this month.
The attack was perpetrated by a cybercrime group known as XP95, which breached the Gauteng Provincial Government earlier this month.
That breach resulted in 3.8TB of people’s personal data being stolen, which was put up for sale for over R400,000.
In the latest attack, the hackers claim to have stolen 453,362 files totalling 154 GB of data from an unspecified Stats SA server.
The cyber-extortionists have demanded a ransom payment of $100,000 (R1.7 million) to prevent the public release of the stolen data.
Stats SA confirmed to MyBroadband that it is aware of the breach, adding that it would not pay the ransom.
The agency said that a single HR database was affected.
“Stats SA is aware of a cybersecurity breach affecting one Human Resources database. The system that was breached is exclusively the HR system available for job seekers to apply online,” it said.
“The national statistics office is part of a wider government response to matters dealing with cybersecurity breaches. Stats SA will not pay any ransom.”
Stats SA noted that the deployment of state financial resources is done only in line with the PFMA.
Instead, it said it will notify the information regulator and will be guided by their processes.
According to MyBroadband, XP95 has set a 20 April 2026 deadline for the payment, after which the group threatens to leak the full Stats SA archive online.
The hacker group is relatively new to the scene, emerging in March. It operates with a unique interface that mimics legacy Microsoft Windows operating systems.
The group’s name is a combination of two older versions of Microsoft’s operating system: Windows XP and Windows 95.
