Legal updates and opinions
News / News
How SIM cards and open Wi-Fi allegedly exposed the SANDF’s data weaknesses
The South African National Defence Force (“SANDF“) plays a critical role in safeguarding South Africa’s sovereignty and territorial integrity.[1] As the backbone of South Africa’s defence infrastructure, the SANDF processes vast amounts of personal information, but also classified information essential to its operations, intelligence and planning.
Given this crucial function, the SANDF is expected to maintain the highest level of security when it comes to protecting its data systems. However, there have been recent allegations that its data systems were “compromised” by an installer’s SIM cards and open access Wi-Fi.[2]
It was reported that –[3]
- the computer management system that backs up all the military’s internal databases had been compromised after a contractor installed SIM cards and open access via Wi-Fi on the nationwide relay systems; and
- defence intelligence raided the relay stations to remove the microchips and SIM cards.
Whether or not an actual “compromise” occurred, this incident underscores the importance of implementing robust security safeguards as required in terms of the Protection of Personal Information 4 of 2013 (“POPIA“). In particular, section 19 of POPIA specifically requires responsible parties (in this instance, the SANDF) to take “appropriate, reasonable technical and organisational measures” to prevent –
- loss of, damage to or unauthorised destruction of personal information; and
- unlawful access to or processing of personal information.
In this instance, the allegation that the SANDF’s national data systems were compromised by an installer’s SIM cards and open access Wi-Fi suggests a weakness in the security framework of the SANDF and potentially exposes the SANDF to data breaches, unauthorised monitoring and/or even espionage which could have far-reaching consequences for national security.
Consequently, implementing appropriate security safeguards as required by POPIA such as, amongst others, encrypted communication channels and restricted access to networks is critical to protect and ensure the security of personal information. This alleged “compromise” demonstrates the urgent need for organisations, particularly those processing special personal information or those in high-security environments (like the SANDF) to proactively assess and enhance their security safeguards and data protection policies and procedures. Failing to comply presents risk from a POPIA perspective, but also (in this instance) puts national security at risk.
“There are only two types of companies: those that have been hacked and those that will be.“
Robert S. Mueller, Former FBI Director
The Werksmans Data Privacy and Cyber teams aim to empower clients in establishing robust security architecture and posture. In particular, we conduct data protection impact assessments as required in terms of POPIA in order to reveal weaknesses in security safeguards.
[1] See the website of the Department of Defence at http://www.dod.mil.za/about, accessed on 11 October 2024.
[2] See the City Press article titled “SANDF national data systems ‘compromised’ by installer’s SIM cards and open access Wi-Fi” available at https://www.news24.com/citypress/news/sandf-national-data-systems-compromised-by-installers-sim-cards-and-open-access-wi-fi-20240915, accessed on 11 October 2024.
[3] See the City Press article titled “SANDF national data systems ‘compromised’ by installer’s SIM cards and open access Wi-Fi” available at https://www.news24.com/citypress/news/sandf-national-data-systems-compromised-by-installers-sim-cards-and-open-access-wi-fi-20240915, accessed on 11 October 2024.
Latest News
A charge by any other name would smell as sweet
by Bradley Workman-Davies, Director The Labour Appeal Court's judgment in Machi v Chep SA (Pty) Ltd and Others serves as [...]
When a misdirected email becomes a data breach: The Information Regulator issues an enforcement notice on internal and accidental security compromises
by Armand Swart, Director, Hlonelwa Lutuli, Associate and Isabella Keeves, Candidate Attorney On 22 May 2026, South Africa’s Information Regulator [...]
Renting out your home? The Consumer Protection Act does not apply to you says Supreme Court of Appeal
by Armand Swart, Director In the judgment of Els v Venter and Another (449/2024) [2025] ZASCA 163 (27 October 2025), [...]
Bullies beware: When workplace toxicity becomes a dismissible offence
by Bradley Workman-Davies, Director For many years, workplace bullying occupied an uncomfortable space in South African labour law. Employers recognised [...]
The rule of law remains paramount: Lessons from City of Tshwane Metropolitan Municipality v Summer Season Trading 63 (Pty) Ltd
by Bulelwa Mabasa, Director and Head of Land Reform and Samkelo Ntuli, Candidate Attorney The dispute in Summer Season Trading [...]
Mind the Conduct: A Guide to COFI – Part 4: Principles and Conduct Requirements
by Hilah Laskov, Director Introduction In this article series, we take a deep dive into the South African Conduct of [...]
