Johannesburg – The Gauteng Provincial Government confirmed Friday it has launched an investigation into allegations of a suspected data breach involving sensitive government information. The probe comes amid reports that a significant amount of personal data may have been compromised, raising concerns about potential identity theft and privacy violations for residents of South Africa’s most populous province.
The investigation was initiated after allegations surfaced regarding the possible compromise of confidential government data. Although details remain scarce as the investigation is in its preliminary stages, officials have assured the public that the matter is being treated with the utmost seriousness. The Gauteng Provincial Government is actively working to determine the scope and nature of the alleged breach, and to assess any potential impact on citizens.
According to reports, a threat actor known as XP95 has claimed responsibility for the breach, alleging the theft of 3.8GB of personal data. MyBroadband reports the data is being offered for sale on the dark web for approximately R420,000 (roughly $25,000 USD as of March 13, 2026). A separate report from Brinztech indicates the leak impacts individuals seeking government employment, exposing personal identifiers and professional histories, and poses a “Tier 0” risk.
Spokesperson for the provincial government, Elijah Mhlanga, stated that authorities are working to establish the full scope of the incident. Sizwe Pamla, spokesperson for Premier Panyaza Lesufi, confirmed the Premier’s office is closely monitoring the situation. The government has urged patience as the investigative process unfolds and reiterated its commitment to transparency and accountability in protecting government information systems.
What Data May Be Affected?
While the full extent of the compromised data is still under investigation, initial reports suggest the breach primarily affects individuals who have applied for government employment. This includes personal identifiers and professional histories, potentially exposing sensitive information to malicious actors. Brinztech identifies the leaked database as “Basis Data Terpadu” (BDT) for Tungkaran Pangeran, though the connection to the Gauteng breach requires further clarification.
The Gauteng government has not yet released a comprehensive list of the types of data potentially compromised, citing the ongoing nature of the investigation. However, officials have indicated that they are taking all necessary steps to identify and mitigate any potential risks to affected individuals.
Broader Cybersecurity Concerns in South Africa
This alleged data breach comes amid growing concerns about cybersecurity threats in South Africa. News24 reports that the Gauteng government’s investigation is underway as similar incidents are occurring elsewhere. A separate incident involving CGI Sverige AB infrastructure in Sweden was also reported on March 13, 2026, highlighting the increasing frequency of cyberattacks targeting government and private sector entities globally. DailyDarkWeb also reported a 3.8TB data breach affecting the Gauteng Provincial Government.
The incident underscores the importance of robust cybersecurity measures and data protection protocols, particularly for government institutions that hold vast amounts of sensitive personal information. Experts emphasize the need for continuous monitoring, regular security audits, and employee training to prevent and mitigate the risk of data breaches.
What Happens Next?
The Gauteng Provincial Government has stated that it will provide further communication as the investigation progresses and more verified information becomes available. Authorities are focused on verifying the claims made by the threat actor, assessing the extent of the data compromise, and implementing measures to protect public information. The investigation is expected to involve collaboration with cybersecurity experts and relevant law enforcement agencies.
This is a developing story, and archyde.com will continue to provide updates as more information becomes available. We encourage readers to share their thoughts and concerns in the comments below.
