Business Maverick


Transnet cyberattack puts employees’ salaries at risk while backlogs at ports mount

Transnet cyberattack puts employees’ salaries at risk while backlogs at ports mount

In an internal email sent to Transnet employees on Monday, the rail, port and pipeline company said the attack was ‘unprecedented’ and had brought the company to a standstill.

State-owned port and rail operator Transnet is still reeling from the cyberattack it suffered last week, with movement in and out of SA’s ports at a near standstill and its employees forced to stop working and stay off the company’s digital systems for fear of further leaks of sensitive information. There is also the risk that the majority of Transnet’s more than 55,000 employees will not be paid salaries due on Tuesday.

Last week, Transnet said its IT applications had been compromised, forcing it to shut them down to identify the source of the attack. At various ports and on its rail system, the company had restored to “manual operations”, it said, slowing down its ability to receive and offload containers from ships and trucks.

It is unclear whether or not the cyberattack was part of a ransomware sting. Ransomware attacks have been growing in frequency globally and in South Africa. Typically, hackers gain access to sensitive information, disable systems linked to it, and threaten to make the information public if they are not paid a ransom, usually in hard-to-trace blockchain currencies or digital tokens.

In an internal email sent to Transnet employees on Monday, Transnet said the attack was “unprecedented” and had brought the company to a standstill.

The email said that all non-operational employees would be required to take leave from Monday until Thursday, and that workers with insufficient annual leave days would have them deducted from their next leave cycle.

“At this juncture, no employee is allowed to access Transnet’s network, E-mail or [Microsoft] Teams applications, or any other systems like SAP HCM, where all employee data is stored and maintained and the platform that we use to pay our employees,” read the email sent to employees by Transnet’s human resources division. 

“As it stands, we have been working relentlessly to ensure that our employees will be paid on Tuesday, 27 July 2021, and to get our systems functioning again.” 

South African Transport and Allied Workers’ Union General Secretary Jack Mazibuko, whose union is one of the major labour representatives at the freight utility, said the company told workers at a meeting on Monday afternoon that it was still trying to resolve the IT situation. 

“We emphasised to them that this must not affect employees’ salaries. They assured us that salaries will be paid tomorrow [Tuesday],” Mazibuko said. 

A Transnet employee, who asked to remain anonymous, said rail and port operators would consider downing tools if they did not receive their salaries, and that there was already panic among employees.

Transnet’s rail operations were disrupted by the unrest and violence that engulfed KwaZulu-Natal and Gauteng two weeks ago, forcing it to temporarily close its Natcor North-South line, which is a vital conduit for fresh produce and minerals. 

The chief executive of the Fresh Produce Exporters’ Forum, Anton Kruger, said the delay at ports would compound the revenue losses for fruit sellers. 

“The cyberattack has a huge impact on the export of fresh produce. The port terminals are not operational and thus no stock could be loaded. It’s peak citrus export season. We have already lost about 12 days, given the KZN unrest coupled with the cyberattack,” Kruger said. 

Gavin Kelly, CEO of the Road Freight Association, said cargo ferried by trucks was also feeling the pinch. 

“This is creating massive delays and creating unreliability of the movement of goods across all modes of transport,” Kelly said. 

“The gates to ports are closed, which means no trucks are moving in either direction. The manual processes being used are also creating problems in terms of operations. Road freight operators already have a huge backlog resulting from last week’s civil unrest.” 

Transnet had not responded to written queries from Business Maverick by the time of publication. DM/BM


Comments - Please in order to comment.

  • Harro von Blottnitz says:

    Has the insurrection gone into Cyberspace? This is an attack on national keypoints – achieving what the physical blocking of the supply lines to Gauteng achieved for a few days.

  • Charles Parr says:

    I can’t understand why these big organisations that are IT dependent aren’t protecting their systems better. Surely that’s a responsibility of management. But then in this country no one takes responsibility.

  • Martin Dreschler says:

    I strongly suspect the same instigators of the recent unrest behind this. First attempt to trigger a coup by looting the shops failed, this is the second attempt to de-stabilize the country, probably with much worse consequences than the first attempt. Many more empty shelves for much longer, large scale job losses, disinvestment, it will cripple the economy much more than the recent looting spree! This is an attempt to make this country ungovernable.

Please peer review 3 community comments before your comment can be posted


This article is free to read.

Sign up for free or sign in to continue reading.

Unlike our competitors, we don’t force you to pay to read the news but we do need your email address to make your experience better.

Nearly there! Create a password to finish signing up with us:

Please enter your password or get a sign in link if you’ve forgotten

Open Sesame! Thanks for signing up.

Daily Maverick Elections Toolbox

Download the Daily Maverick Elections Toolbox.

+ Your election day questions answered
+ What's different this election
+ Test yourself! Take the quiz