- South Africa’s space agency, SANSA, has had a data exfiltration incident from a public FTP server.
- The system has been secured now and the data that was stolen is mostly research papers.
- The only worrying aspect is student applications from 2016, which contain personally identifiable information.

SANSA (South African National Space Agency) has confirmed that it is aware of the data that has been circulating online since September 6, 2021, but claims that the shared packs contain nothing sensitive. Instead, the stolen information that was published is mostly research documents that neither affect any employees nor compromise any of the agency’s projects. SANSA also clarifies that it suffered no network breach and that the file dump was taken from a public FTP server used in the past for sharing non-sensitive files.
The agency removed access to the server, informed the South African data protection regulator, and is notifying the affected parties. These are mostly student applicants who submitted some PII to the agency back in 2016, as all other files and papers are nothing but research material and miscellaneous files. Finally, SANSA says it has sent takedown requests to the sites that host the stolen data, but the data may still appear on some of them despite these efforts.
One notable example is RaidForums, the popular clearnet hacking space where most public data leaks end up sooner or later. The relevant thread there is still up, and we don’t expect that to change. What may disappear or stop working are the download links to an external service, but these can always be replaced with new uploads elsewhere. All in all, the 16 GB of stolen data is out now and will continue to circulate and get re-posted here and there.
‘DarkTracer’ has also found another post on the ‘CoomingProject’ leak portal, listing SANSA as their victim. It is unclear if the gang threatens to leak additional data on top of what was posted onto RF. Still, for now, no evidence of any confidential or sensitive data has appeared online from any leak source.
SANSA ends its announcement by saying that no further attempts have been made to access its systems or data, no ransomware attacks have been launched against it, and no demands have been submitted. As such, this looks like an opportunistic exfiltration of publicly available data, so while it’s a blunder from the space agency for sure, it doesn’t appear to be anything too serious. Still, if you applied to SANSA back in 2016, stay alert for phishing and scam emails.