A ransomware gang has claimed responsibility for a hack on the Companies and Intellectual Property Commission (CIPC), stating that they have had access to the agency's systems since 2021.

The CIPC, an agency within the Department of Trade, Industry, and Competition, is responsible for registering companies, cooperatives, and intellectual property.

The hackers dispute the agency's claims of mitigating recent breaches and accuse the CIPC of covering up vulnerabilities. They allege accessing sensitive data, including passwords and credit card information, through a software exploit.

Despite demanding a $100,000 ransom, the hackers maintain a level of access to the CIPC's systems, highlighting serious security lapses. The agency has not commented on the ransom demand, citing ongoing investigations with law enforcement.

The hackers contacted MyBroadband after the CIPC issued a statement claiming that its "firewall and data protection systems" helped mitigate a recent data breach, and refuted this claim, stating that the agency had been breached almost three years ago and had not addressed its weak security.

The ransomware group also claimed to have accessed the CIPC's entire database, including plain text passwords and credit card information, through an exploit in a system developed by Sword South Africa. They also stated that the CIPC's security was so poor that they could add or remove directors from company registrations at will.

The group has yet to be identified by law enforcement.