September 19, 2025
Incident Involving Compromised Staff Email Account
Dear SANSA Stakeholders
This memorandum serves to inform you about a recent data breach incident that occurred on 11 September 2025. One of our staff email accounts was compromised after login credentials were entered on a malicious website. As a result, the attacker was able to send phishing emails that appeared to originate from SANSA.
The least privilege access principles implemented within SANSA’s environment successfully contained the scope of the compromise. There is no evidence of exfiltration of sensitive SANSA data beyond what was legitimately accessible to the compromised user.
The attacker, however, gained access to the user’s email account, including the address book containing contact details, and to the user’s OneDrive, Teams, and associated SharePoint folders. At present, there is no evidence that these files were copied or exfiltrated.
We take the protection of personal information very seriously and remain committed to ensuring the security and confidentiality of our data subjects. This communication is made in line with the requirements of the Protection of Personal Information Act, 2013 (Act no. 4 of 2013) [POPIA].
We have already implemented measures to contain and mitigate the incident, including notifying our data subjects to exercise caution and avoid interacting with suspicious emails.
We deeply regret any inconvenience or concern this incident may have caused. Should you have any questions or require further clarification, please contact our Deputy Information Officer, Lavhelesani Netshidzivhani, at popi_paia@sansa.org.za
We appreciate your cooperation and understanding in this matter.
Yours Sincerely,
Mr Humbulani Mudau
Chief Executive Officer
