The South African Revenue Service (SARS) and the State Information Technology Agency (SITA) have both rushed to debunk a wave of social‑media rumours claiming their digital platforms were under cyber‑attack, insisting that no evidence of a breach exists and that their systems remain fully operational. The rumours, which began circulating on Twitter and Facebook in the last 48 hours, suggested ransomware‑type infiltration of government ICT infrastructure, prompting alarm among taxpayers and businesses alike.
Officials from both agencies stressed that their security operations centres monitor threats around the clock, and that extensive scans have turned up no signs of unauthorised access. “Our ICT infrastructure remains fully intact and has not been compromised,” said Tlali Tlali, SITA’s head of corporate affairs, in a formal statement released on Sunday. SARS echoed the sentiment on Monday, urging citizens to verify information before sharing and to rely exclusively on official channels for updates.
Key points from the agencies’ responses
| Agency | Official Statement | Actions Taken | Current Status |
|---|---|---|---|
| SITA | “No evidence of unauthorised access to government data or systems.” | Multi‑tiered scan by threat‑intelligence team; 24/7 SOC monitoring | Systems intact; one unrelated departmental website down for scheduled maintenance |
| SARS | “No evidence that SARS’s systems have been compromised.” | Ongoing verification of any anomalies; public awareness campaign | Systems secure; taxpayer data deemed sacrosanct |
The table highlights that both bodies have conducted thorough investigations and found nothing out of the ordinary, underscoring a coordinated effort to reassure the public.
Social media posts that ignited the panic originated from a mixture of individual users on X and a Nigerian tech outlet, TechnoMag, which alleged that a major breach had occurred. The claims quickly gained traction, prompting headlines that suggested a national security incident. However, neither agency found any technical indicators—such as unusual traffic spikes, file integrity alerts, or malware signatures—to substantiate the allegations.
SITA’s spokesperson clarified that the only service interruption reported was a temporary outage of an unnamed government department’s website. “This was the result of a scheduled and planned maintenance window, including upgrades intended to improve performance, resilience and security,” Tlali explained. The department had approved the maintenance, and the downtime was unrelated to any security incident.
SARS, which handles the nation’s tax collection and custodial responsibilities for sensitive financial data, reiterated that protecting taxpayer information is “sacrosanct.” In its statement, the revenue service warned against the spread of misinformation and urged citizens to consult the agency’s official website or verified social‑media accounts for accurate updates.
The flurry of rumours comes at a time when South Africa’s public sector is under heightened scrutiny over cyber‑security preparedness. Recent high‑profile ransomware attacks on private enterprises have heightened awareness of the need for robust defence mechanisms across all levels of government. Both SITA and SARS have invested heavily in modernising their security architectures, including the deployment of artificial‑intelligence‑driven threat detection and regular penetration testing by accredited partners.
What experts say
Cyber‑security analysts note that false alarms, while disruptive, can also serve as inadvertent stress tests for organisations’ response protocols. “When a rogue claim surfaces, the speed and transparency of the reply are crucial,” said Dr Lebo Mthethwa, senior consultant at CyberGuard Africa. “Both agencies have demonstrated that they have mature incident‑response frameworks, which is reassuring for the public.”
Dr Mthethwa added that the absence of any forensic evidence—such as encrypted ransom notes, payment demands, or data exfiltration logs—strongly suggests the rumours were unfounded. He warned that attackers sometimes use misinformation campaigns to sow confusion before a real assault, underscoring the importance of ongoing vigilance.
Impact on public perception
Even without a confirmed breach, the episode has reminded South Africans of the delicate balance between digital convenience and security risk. Recent surveys indicate that roughly 68 % of citizens are concerned about the safety of their personal data on government platforms. Incidents—real or imagined—can erode trust, making it essential for agencies to maintain clear communication lines.
In response, SARS has launched a short public‑awareness video outlining steps individuals can take to safeguard their tax information, while SITA plans to publish a quarterly security‑status bulletin starting next month.
The coordinated denials from both agencies illustrate a broader push by the government to curb the spread of cyber‑related misinformation. By proactively addressing the rumours, SITA and SARS aim to preserve confidence in the nation’s digital infrastructure and to deter opportunistic threat actors who thrive on uncertainty.
As the story settles, the key takeaway is that, despite the alarming headlines, no concrete evidence has emerged to confirm that either SARS or SITA suffered a system hack. The agencies’ swift, transparent actions have reaffirmed the resilience of South Africa’s public‑sector ICT environment, reminding citizens that official sources remain the most reliable avenue for accurate information.