By: Nhiinomenwa-vali Hangala
The Namibia Cyber Security Incident Response Team (NAM-CSIRT), has yet to determine the root cause of the incident involving the Namibia Student Financial Assistance Fund’s (NSFAF) data breach.
The response team shared communication that they are conducting an investigation into the matter in efforts to fully understand the scope and nature of the breach. This data breach involved the Personally Identifiable Information (PII) of certain students being inadvertently published on the institution’s website, to which the response team stated was no longer visible on NSFAF’s website.
“We are currently unable to confirm whether this incident involves ransomware; however, this remains a key focus of our investigation,” the team wrote, adding that the incident underscores the urgent need to finalise national data protection laws.
NAM-CSIRT indicated “that the country’s legal framework needs to be strengthened to be able to manage data breaches.”
They went on to explain that in the absence of a comprehensive legal framework, institutions currently lack clear protocols for managing data breaches and providing recourse to affected individuals. Moreover, strengthening the country’s legislative infrastructure is essential in ensuring accountability, transparency, and the protection of personal information in the digital age.
“We are treating this matter with the utmost seriousness and will provide further updates as more information becomes available,” stated Emilia Nghikembua, head of NAM-CSIRT.
Nghikembua added that NAM-CSIRT remains committed to transparency and will continue to keep stakeholders informed of any significant developments, without compromising the integrity of the investigation.
NAM-CSIRT, housed at the Communications Regulatory Authority of Namibia (CRAN) was established to contribute to the security and stability of the critical information infrastructure (CII) of the Namibian government and relevant public and private institutions, underpinning the safety, economic stability and social well-being of citizens.
Through a structured governance framework, NAM-CSIRT would function as the national focal point for coordinating cybersecurity incidents and response efforts.
CII threats remain on the rise; the magnitude, frequency, and impact of such security incidents can impede the pursuit of economic activities, generate substantial disruption to critical services, financial services, undermine public confidence, and cause disruption to the economy.
