PPRA Hit by Ransomware Attack – Personal Data at Risk

Written By Eszter Rapanos

This article will count 0.25 units (15 minutes) of unverifiable CPD. Remember to log these units under your membership profile.

The Property Practitioners Regulatory Authority (PPRA) has issued a Notice confirming a ransomware attack that affected its hosted servers on the evening of 17 April 2025. While the full scope is still under investigation, the breach may have exposed sensitive personal and financial data of property practitioners, including identity numbers, contact details, licensing records, and financial information.

What happened?

A cyberattack corrupted files on remote servers used in the processing of Fidelity Fund Certificates. While on-premise systems were not affected, several key documents became inaccessible. The PPRA has since shut down the compromised infrastructure and activated backup recovery systems.

What’s at risk?

Preliminary investigations suggest that personal information, including names, identity numbers, contact details, licensing documents, and financial records, may have been accessed. Although no ransom demand has been made and there is no evidence yet of data being published on illicit platforms, the PPRA has warned that the information could be misused for identity theft or fraud.

How This May Affect You

If you or your clients are property practitioners or service providers to the sector, your records may be at risk. Ensure your systems are secure, review data sharing protocols, and advise affected clients to monitor for fraud. Property practitioners and associated professionals are urged to remain vigilant for phishing emails, suspicious requests for personal information, or signs of unauthorised activity.

The breach also highlights the need for compliance with POPIA and robust cyber-risk controls. It serves as a reminder to review your firm’s data-sharing protocols, verify communications from regulatory bodies, and advise clients to take protective steps.

What is PPRA doing?

The PPRA has responded by shutting down the affected servers, activating backup recovery systems, and engaging law enforcement and cybersecurity experts. They have notified the Information Regulator in line with POPIA requirements and launched a full forensic investigation. Additional efforts are underway to recover data and strengthen security controls to prevent similar incidents in the future.

📣Stay alert! Report any suspicious activity and verify all PPRA-related communications via secure channels. For concerns, contact: popia@theppra.org.za.

Eszter Rapanos
Previous

$1.8 Billion Accounting Error – A Wake-Up Call for Public Finance Oversight
Next

PwC Winds Down Operations Across Sub-Saharan Africa