justice & constitutional development is taking the Information Regulator to court to fight a R5-million fine the regulator imposed on it over a 2021 cyberattack.
“The court application was issued on 29 September and was delivered to the sheriff on 2 October for purposes of serving it on the Information Regulator. The return of service is currently awaited,” said justice department spokesman Steven Mahlangu.A ransomware attack on 6 September 2021 crippled the department’s information systems, Bloomberg News, leaving them encrypted and unavailable.
The regulator also criticised the justice department’s failure to perform an IT risk assessment on its network and software systems.In May, it said: “The regulator has issued the Department of Justice and Community Development with an enforcement notice in which it orders the department to submit proof to the regulator within 31 days of receipt of the notice that the Trend antivirus licence, the SIEM licence and the IDS licence have been renewed.
The justice department, however, is challenging the legality of the two notices sent to it by the regulator in terms of section 6 of the Promotion of Administrative Justice Act. The department further argues that the regulator has misinterpreted and misapplied Popia legislation, saying that the regulator’s “flawed process” risks setting a precedent that, “if not challenged, the implications for the work of the information Regulator itself and all entities will be negatively impacted”.