Packaging supplier Nampak has delayed the release of its interim results after a cyber incident in March that affected its IT systems.
Historically, Nampak has released its interim results in the last week of May, but after the cyber incident, the company had taken a range of steps to restore the group’s information management and reporting systems, it said in a statement on Thursday.
“The group’s systems are up and running again, but, given that the incident occurred shortly before the close of the interim period, further steps are being carried out to ensure that all financial information is complete and accurate,” it said.
“Accordingly, the company has elected to delay the publication of its interim results to accommodate these steps. Nampak has taken a prudent approach in ensuring the integrity of its financial reporting obligations to shareholders,” it said.
On March 20, Nampak detected unauthorised activity on its IT systems, it said in a statement on its website.
“An unauthorised external threat actor unlawfully gained access to these systems, notwithstanding Nampak’s robust and embedded security protocols. As a result, Nampak’s servers were accessed and data was encrypted,” it said.
This security compromise did not affect the group’s manufacturing facilities and operations, which are functioning as normal, albeit with some manual operating systems where required.
On April 3, Nampak identified that the external threat actor had published a dark web post revealing the group as a victim on a page associated with the LockBit 3.0 ransomware group. The post includes a countdown timer related to Nampak suggesting that these files may be made available on April 4.
“Though Nampak’s assessment of the potentially affected data is ongoing, it has identified that the impacted data may include files related to Nampak’s legal, finance and human capital functions. Such files may include certain personal information relating to natural and juristic persons,” it said.
Nampak has implemented various measures to address the compromise. It continues to proactively monitor for the publication of any data relating to Nampak or personal information of data subjects in its care on the internet and the dark web.
The group said it would continue to evaluate additional measures to further strengthen its cybersecurity policies and procedures, and technological capabilities to mitigate against the ever-evolving cyber risk landscape.
Would you like to comment on this article?
Sign up (it's quick and free) or sign in now.
Please read our Comment Policy before commenting.