Nampak has delayed the release of its interim financial results, blaming the delay on ongoing work the company is doing to ensure the integrity of its financial data following a cyberattack in March.
According to a notice to shareholders published via the JSE’s stock exchange news service on Thursday, Nampak’s interim results for the six-month period ending March 2024 will now be published 28 June.
“Historically, Nampak has released its interim results in the last week of May. Following the cyber incident, the company has taken a range of steps to restore the group’s information management and reporting systems,” Nampak said the statement.
“The group’s systems are up and running again, but given that the incident occurred shortly before the close of the interim period, further steps are being carried out to ensure that all financial information is complete and accurate.”
Nampak was hit by a cyberattack in March in which an “unknown third party” gained access to the company’s IT systems.
According to statement by Nampak at the time, none of its manufacturing facilities and operations was impacted by the breach. To manage the disruption, however, Nampak resorted to backup “manual compensating controls” to maintain operational continuity.
In line with Protection of Personal Information Act, Nampak notified the Information Regulator of the breach, saying an ongoing investigation would help identify affected data subjects who would then be notified as required under the act.
Ransomware
In an update on the incident, published in early April, Nampak suggested it was the victim of a ransomware attack that encrypted some of its corporate data.
“Due to the encryption of data, it is not possible at present to determine what personal information of data subjects may have been accessed or acquired by the unauthorised external threat actor,” it said.
“This security compromise has not affected the Nampak manufacturing facilities and operations, which are functioning as normal, albeit with some manual operating systems where required.
“On 3 April, Nampak identified that the external threat actor published a dark web post revealing Nampak as a victim on a page associated with the LockBit 3.0 ransomware group.”
It said the impacted data “may include files related to Nampak’s legal, finance and human capital functions”.
The financial data required to conduct its reporting duties was not lost in the cyberattack, but its accuracy is being scrutinised.
“The company has elected to delay the publication of its interim results to accommodate these steps. Nampak has taken a prudent approach in ensuring the integrity of its financial reporting obligations to shareholders,” it said. – © 2024 NewsCentral Media