Note to Editors: Attached please find a soundbite in English by Michael Waters MPL here.
The Gauteng Department of e-Government failed to implement a key Auditor-General (AG) recommendation to strengthen network access controls before a data breach exposed sensitive personal information on the Gauteng Government jobs portal.
The data breach affected the e-Recruitment system, specifically the Gauteng Government jobs portal. The compromised information included 283 application forms, curriculum vitae, qualifications, certified copies of South African identity documents, contact details, including e-mail addresses and phone numbers, and proof of residence.
This information was revealed by the Gauteng MEC for e-Government, Bongikosi Dhlamini, in response to the DA’s questions tabled in the Gauteng Provincial Legislature. MEC Dhlamini confirmed that the AG raised concerns during the 2023/24 audit regarding the need to implement a Network Access Control (NAC) system.
This system aims to enhance controls over who and what can access the Gauteng Provincial Government network. However, the department has now admitted that the NAC system was not implemented because it remains unfunded.
The information that was breached is not minor. These are the documents that expose applicants’ to identity theft, fraud, and other forms of abuse if they fall into the wrong hands.
The department insists that the breach was caused by a compromised user account rather than a technical vulnerability in the infrastructure. However, this does not change the fact that the AG had already warned the department to strengthen network access controls, and that they failed to implement the recommendation before the breach occurred.
Even more concerning, the department has admitted that no additional cybersecurity audits or penetration tests were conducted after the reported data leak. This raises serious questions about whether the department has fully assessed the scale of the risk and whether Gauteng residents can trust that similar breaches will not happen again.
The DA Gauteng has written to the Auditor-General to request that the department’s failure to implement this recommendation be followed up on during the current audit cycle.
The DA will also submit further questions to determine why the NAC system was left unfunded despite the AG’s recommendation. We would know who decided not to prioritise funding for the system, and whether any official has been held accountable for the failure to implement the AG’s recommendations. Gauteng residents who submit personal information to the government have a right to expect that their data will be protected. When the government fails to act on Auditor-General warnings, it places ordinary residents at risk.
The DA will continue to hold the department accountable until every outstanding cybersecurity recommendation is implemented and the public receives full transparency on how this breach was allowed to happen.
A DA-led government would immediately assess the government’s Information Technology system and determine if there are any threats. We will establish appropriate cybersecurity measures to prevent any future data breaches.








