Nampak Addresses Cybersecurity Breach and Affirms Continuation of Manufacturing Operations

Nampak, Africa's leading packaging company, recently announced an unauthorized breach of its Information Technology systems on March 20, 2024. The incident unveiled vulnerabilities within the company's "robust and embedded security protocols," leading to the involvement of third-party cybercriminals.

Upon recognizing the breach, Nampak swiftly launched a series of containment and remediation strategies to control and assess the damage and restore its IT systems. The response included partnering with both local and international cyber security and forensic specialists. These experts collaborated with Nampak's internal IT team to gauge the scope of the breach and work on securing and reinforcing the affected systems.

While the breach did present challenges, Nampak confirmed there has been no compromise to its manufacturing operations, which remain functional. Where necessary, the company is utilizing manual processes through pre-established backup compensating controls. In pursuit of mitigating the impact and maintaining the business flow, the company is actively engaging with suppliers and customers to continue product deliveries without significant interruptions.

In compliance with the legal requirements of the Protection of Personal Information Act (POPIA), Nampak proactively communicated the incident to the Information Regulator, signaling its adherence to statutory obligations. The company pledged to keep the regulator updated throughout the investigation. Furthermore, Nampak assured that notifications would be issued to any individuals potentially affected by the data breach, in alignment with the mandates of POPIA.

Nampak's commitment to protecting data and privacy extends to full cooperation with legal authorities as needed during and post-investigation. In light of the evolving cyber threats, the company has reiterated its dedication to regularly reviewing and fortifying its cybersecurity frameworks and technical infrastructure to guard against similar risks in the future.

This incident underscores the importance of cyber resilience for corporates in our increasingly digital age, and highlights the need for continual investment in advanced security measures to safeguard against sophisticated cyber threats.