A recent ransomware cyberattack on the Land Bank has compromised its ability to complete and table its corporate plan in time to meet the deadline, finance minister Enoch Godongwana has told parliament.
The 2026/27 plan had been due to be tabled by February 28 in accordance with the Money Bills Amendment Procedure & Related Matters Act, but Godongwana said he had agreed to request an extension until the end of April.
“There was a recent cyber incident affecting the Land Bank’s ICT environment,” he wrote in a letter to National Assembly speaker Thoko Didiza. “The entity is currently unable to access crucial systems and source information required to finalise the corporate plan submission.
“The Land Bank has also indicated that the occurrence has hampered access to information required to ensure full compliance with the PFMA [Public Finance Management Act] and other relevant governance frameworks.
“Consequently, I will be unable to table the corporate plan on the date set by parliament. Based on the above, I hereby request an extension to table the Land Bank corporate plan no later than 30 April 2026.”
The minister, as the executive authority of a public entity, is required to table the corporate plan before the beginning of the financial year.
In a written reply to questions from parliament revealed in March, Godongwana said the Land Bank had detected unauthorised activity in its computer systems in an apparent attempt to extort millions of rand from the bank.
“The threat actors have requested five bitcoin (of approximately R5.4m currently) as a ransom payment for the return of data and/or the nonpublication of data. Land Bank has taken the decision not to make any ransom payment and confirms that no ransom payment was made,” he said at the time.
The entity is currently unable to access crucial systems and source information required to finalise the corporate plan submission.
— Finance minister Enoch Godongwana.
“Preliminary investigations indicated that a third party gained access through a vulnerability on an internet-facing server and deployed ransomware, which encrypted a portion of the Land Bank server environment as well as multiple laptops.
“The ransomware targeted servers in virtual server environments that are running Microsoft operating systems. The threat actors have been identified as a ransomware-as-a-service group.”
Godongwana said the Land Bank’s critical enterprise resource planning (ERP), core banking and customer relationship management systems were not accessed and therefore not compromised.
“The remainder of the environment was either encrypted or rendered inaccessible to the Land Bank IT team and users. Multiple laptops were also encrypted.”
The Land Bank had made all statutory and regulatory notifications, he said, including reports on a case to the police the next day in line with the Cybercrimes Act, notifying the information regulator on the day of the breach and notifying data subjects.
DA MP Wendy Alexander, a member of the standing committee on finance, told the Sunday Times this week that while the committee was grateful for the insight it had received from the minister over the state of the Land Bank and the data breach, it would appreciate clarity on the extent to which it had presented operational challenges.
“The question to me now is: what is the delay for the development of the corporate plan, which is a strategic document? I understand a short extension may be justifiable, but as a committee, we would want a briefing of the full challenge and extent.”
Sandra Sithole, partner at Webber Wentzel, and Rethabile Shabalala, senior associate at Webber Wentzel, said technological developments in recent years presented new opportunities, challenges and risks for financial institutions, especially insurers.
“Technological advancement and digitalisation have introduced heightened exposure to cyberattacks, fraud and data breaches, requiring insurers to reassess products, pricing and risk models. Economic uncertainty may also necessitate premium increases to reflect higher costs and risk, raising affordability concerns for consumers.”
Godongwana said the Land Bank isolated its environment, removed indicators of compromise, strengthened its security controls by hardening and configuring firewalls and patching vulnerabilities, among other measures, to ensure that any unauthorised attempts to enter the Land Bank’s IT environment can be detected and remedied effectively and timeously.
“All Land Bank’s bank accounts and transactions were suspended unless transactions were specifically authorised under executive approval. It must be reiterated that ERP, core banking and CRM [customer relationship management] systems were not compromised during this incident.”
The Land Bank board had already approved an implementation plan for an information security controls improvement plan in accordance with industry best practice, he said. The improvement plan will be implemented in phases within the next six months, he said.
Would you like to comment on this article?
Sign up (it's quick and free) or sign in now.
Please read our Comment Policy before commenting.