The multi-million Pula, Motor Vehicle Accident Fund (MVA), main core IT system has been hacked and is struggling to resolve the unknown cyber-attack since November 2021.
The cyber-attack is suspected to be for purposes of ransomware where the unknown hackers want money to release the hacked data. MVA could not confirm if the hackers are looking for ransom for them to release the hacked classified data as they usually want money from companies.
It is also suspected that hackers took advantage of vulnerable ICT systems which are outdated and have not been recently updated.
It is over three months since the matter has been reported to the Botswana Police, Directorate of Intelligence and Security (DIS) as well as BOCRA. The MVA had initially engaged a certain Consultant to rescue the situation but it was not fruitful and the MVA has now engaged the second consultant to resolve the issue which cost millions of Pula if not addressed on time.
Currently the Fund’s cyber-attack is not clear if someone is covering up some audit issues and deleting information and audit trails as the Fund receives lots of funds through fuel levy and its attraction to hacking and system manipulation. It is not clear when and how the data will be recovered, and also if data backups have been done well.
MVA confirmed that the cyber-attack took place on the 30th of November 2021 when the systems froze and could not undertake their daily operations. The risky inconvenience has affected all the offices nationwide, and their operations have been severely affected as the Fund is only able to offer limited services.
The unknown hackers managed to break into computer systems and have the possibility of installing dangerous malware without MVA’s knowledge and consent.
Led by chief executive officer (CEO) Michael Tlhagwane, he confirmed that in line with the existing protocols, they have notified and engaged the relevant stakeholders, and that they are working around the clock to resolve the challenges.
“We have resorted to offer our clients some services manually. These include medical assistance, funeral expenses benefits, loss of support/income and general customer services,” said Tlhagwane.
He believes that they have improved their systems security protocols to minimize future potential security breaches, though cyber security is a complex field.
The Fund recorded a total comprehensive Income of P105.6 million in 2019 in comparison to a comprehensive Loss of P242.8 million recorded in 2018. The positive variance is due to Fair Value Gains on available for Sale Investments and prudent management of expenses.
The Fund recorded a Net Deficit of P170.1 million which was a decline from the Net Surplus of P12.9 million recorded in 2018. The asset base however, remained strong at P4.1 billion.
On costs, the Fund recorded Total Expenses of P418.7 million in 2019, which was an increase from P384.4 million recorded in 2018. The increase was attributable to the increase in claims provision which increased trust liabilities and consequently interest expense of trust liabilities.
