Latest Notice

GEPF is 110.1% funded

NOTIFICATION OF SECURITY COMPROMISE AS PER SECTION 22 OF THE PROTECTION OF PERSONAL INFORMATION ACT, 4 OF 2013 (“POPIA”)

3 min read

The GEPF’s operator, the Government Pensions Administration Agency (GPAA), had experienced a cyber-attack on the 16th February 2024, where criminals launched a ransomware attack on some of the GPAA’s systems. The investigation of the incident found that certain data folders may have been compromised. This data could include your personal information, which GPAA stores as part of its processes to manage pension benefits on behalf of the GEPF. Data subjects were notified of the security breach and potential compromise of personal information on 20 March 2024 furthermore, the security compromise was reported to the relevant authorities, entities and Information Regulator for further investigations, support and transparency.

Approximately, 168000 data subjects records were accessed as the result of the cyber-attack. The affected records are limited to names, surnames, ID numbers, pension numbers, employee numbers, gender, spouse’s information, salary information, marital certicates, death certicates, banking details, and tax numbers. Unauthorised access to this information could lead to criminals impersonating the data subjects.

We apologise for any inconvenience caused and assure you that every reasonable step has been taken to ensure that all GEPF/GPAA systems and platforms are safe and protected from unauthorised and unlawful access. As a precautionary measure, we urge you to follow these security tips:

1. Verify requests for personal information and on respond when necessary.
2. Do not share your passwords or PINs over the phone, fax, social media, text, WhatsApp, or email.
3. Use unique passwords for different accounts and change them regularly.
4. Install and update antivirus software to scan your devices for malware.
5. Avoid clicking on suspicious links or responding to unusual messages.
6. Monitor your bank accounts and credit reports for unusual activity.

The GEPF has ensured that ICT systems are updated to harden security controls and patched with the latest supported versions. These updates include user and privileged access management to reduce the risk of unauthorised access. The implementation of next-generation firewalls ensures robust perimeter security, resulting in decreased potential external threats. Patch management on server infrastructure and workstations is in place and monitored. Reliable antivirus solutions have been deployed in the environment, with the required encryption of endpoint devices.

The final controls for implementation will include the finalisation of deployment of a Security Operations Centre and network monitoring solutions. These solutions will allow continuous monitoring and reporting on threats and suspicious activity on the networks, systems, and applications used in the administration. The network infrastructure will also be upgraded to ensure further security controls are available to the administration.

The GEPF/GPAA remains committed to protecting your personal information. Data subjects were notified of the security breach and potential compromise of personal information on 20 March 2024 through a media statement of the websites of both GEPF and GPAA, additional to that, an updated media statement was published in September 2024 following an investigation into the breach.

The GEPF/GPAA have placed all notifications of the breach incident on www.gepf.co.za and www.gpaa.gov.za respectively, detailing the security compromise as per Section 22 of Protection of Personal Information Act, 4 of 2013 (“POPIA”). Further, the GEPF/GPAA will proceed to inform the data subjects should there be any updates relating to the breach. Kindly contact the offices of the GEPF/GPAA for reporting any suspicious activities which might berelated to the breach.

Issued by the Government Employees Pension Fund

Like what you see? Share with a friend.

Founder of SAAS First – the Best AI and Data-Driven Customer Engagement Tool


With 11 years in SaaS, I’ve built Million Verifier and SAAS First. Passionate about SaaS, data, and AI.

Share with your community!

In this article

Related Articles

THE GEPF WILL HOST AN INFORMATION SHARING SESSION IN KURUMAN, NORTHERN CAPE

Venue: Thabo Moorosi, Multi-purpose Centre, KurumanDate: 12 April 2025Time: 08h00 – 16h00

THE GEPF WILL HOST PRE-RETIREMENT WORKSHOP IN DE AAR, NORTHERN CAPE

Venue: Emthanjeni Multi-purpose Centre, Nonzwakazi, Township, De Aar.Date: 10 April 2025Time: 08h00

ISAZISO NGOKUTHIKAMEZEKA KWEZOKUPHEPHA KWEMINININGWANE YABANTU ESILAWULWA ISIGABA 22 SOMTHETHO I-POPIA 4 KA-2013

UPHIKO olubhekele ukuhlelwa nokuklanywa kwezimpesheni iGovernment Pensions Administration Agency (GPAA) lwabhekana nenkinga

KENNISGEWING VAN SEKURITEITSKOMPROMIE VOLGENS ARTIKEL 22 VAN DIE WET OP DIE BESKERMING VAN PERSOONLIKE INLIGTING, 4 VAN 2013 (“POPIA”)

Die GEPF-operateur, die Administratiewe Agentskapv an die Staatspensioenfonds (GPAA), het op 16

NOTIFICATION OF SECURITY COMPROMISE AS PER SECTION 22 OF THE PROTECTION OF PERSONAL INFORMATION ACT, 4 OF 2013 (“POPIA”)

The GEPF’s operator, the Government Pensions Administration Agency (GPAA), had experienced a

THE GEPF WILL HOST PRE-RETIREMENT WORKSHOP IN OTTERY, CAPE TOWN

Venue: Good Hope Christian Centre, Corner Plantation and Panton Road, OtteryDate: 30 January 2025Time: 08h00