South Africa’s Stats SA Hit by XP95 Cyberattack, 154GB of HR Data Stolen
South Africa’s national statistics agency, Stats SA, has confirmed a data breach affecting its human resources database, with cybercriminal group XP95 claiming responsibility. The attackers allege they exfiltrated 453,362 files (154GB) from an unspecified Stats SA server and are demanding a $100,000 (R1.7 million) ransom to prevent public release. The group has set a deadline of April 20, 2026, threatening to leak the full archive if payment is not made.
The breach targets the agency’s HR system, which allows job seekers to apply online. Stats SA acknowledged the incident, stating it is part of a broader government response to cybersecurity threats and will notify the Information Regulator for guidance.
XP95, a relatively new cyber-extortion group, first emerged in March 2026 with a distinctive interface mimicking Windows XP and Windows 95. The group previously breached the Gauteng Provincial Government, offering 3.8TB of stolen data (3.6 million files) for sale at $25,000 (R429,000) earlier this month.
South Africa remains a prime target for cybercriminals, ranking 27th globally in data breaches. A 2025 Surfshark report revealed 369,600 accounts were compromised in the country that year, with 21,000 breaches recorded between April and June alone. Since 2004, 124.2 million personal records have been exposed in South Africa, with each breached email linked to an average of 2.9 additional data points.
Statistics South Africa cybersecurity rating report: https://www.rankiteo.com/company/statssa
"id": "STA1774844935",
"linkid": "statssa",
"type": "Ransomware",
"date": "3/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': 'Job seekers using the HR system',
'industry': 'Statistics, Public Sector',
'location': 'South Africa',
'name': 'Stats SA',
'type': 'Government Agency'}],
'data_breach': {'data_exfiltration': 'Yes',
'number_of_records_exposed': '453,362 files',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High (personally identifiable '
'information)',
'type_of_data_compromised': 'HR data, job application '
'information'},
'description': 'South Africa’s national statistics agency, Stats SA, has '
'confirmed a data breach affecting its human resources '
'database, with cybercriminal group XP95 claiming '
'responsibility. The attackers allege they exfiltrated 453,362 '
'files (154GB) from an unspecified Stats SA server and are '
'demanding a $100,000 (R1.7 million) ransom to prevent public '
'release. The breach targets the agency’s HR system, which '
'allows job seekers to apply online.',
'impact': {'data_compromised': '154GB (453,362 files)',
'identity_theft_risk': 'High',
'systems_affected': 'HR database, job application system'},
'investigation_status': 'Ongoing',
'motivation': 'Financial gain, Data extortion',
'ransomware': {'data_exfiltration': 'Yes',
'ransom_demanded': '$100,000 (R1.7 million)'},
'references': [{'source': 'Surfshark report'}],
'regulatory_compliance': {'regulatory_notifications': 'Information Regulator'},
'response': {'communication_strategy': 'Public acknowledgment, notification '
'to Information Regulator'},
'threat_actor': 'XP95',
'title': 'South Africa’s Stats SA Hit by XP95 Cyberattack, 154GB of HR Data '
'Stolen',
'type': 'Data Breach, Ransomware'}