Possible Compromise of DBSA Information Systems

On Sunday 21 May 2023, the Development Bank of Southern Africa (DBSA) detected abnormal behaviour during a routine check of its information system. Further inquiry confirmed a breach of the Bank’s information system, and that immediately prompted the institution’s disaster recovery protocol.

The affected systems were swiftly isolated and suspended to prevent any further compromise. Relevant authorities and stakeholders were immediately notified, and the Bank’s Business Continuity Management process was invoked to ensure uninterrupted operations across critical divisions. To date, the Bank’s essential services are up and running, with all employees continuing to work across all divisions.

The Bank is taking precautionary measures to thoroughly investigate this matter in partnership with our data security partners and forensic investigators, to determine the origin and extent of the breach. The findings of the investigation will inform the Bank’s further action commensurate with regulatory requirements, and at every step, all relevant stakeholders will be contacted.

The DBSA would like to assure all stakeholders of its commitment to the responsible processing of personal information and remains cognisant of its statutory obligations. As a responsible party, the Bank continues to identify and minimise data protection risks from processing personal information.

The safety of all data within the DBSA’s possession continues to remain a priority as the Bank gets to the bottom of this unprecedented breach. As part of the DBSA’s ongoing data compliance, please refer to our website Privacy Statements.

Statement attributed to Mpho Kubelo, Chief Risk Officer at the DBSA