CNPS Data Breach: SpaceBears Hack Confirmed, Government in Denial

The attack, reportedly carried out by the hacking group SpaceBears, has been confirmed by multiple cybersecurity monitoring entities, including Ransomware.live, which tracks ransomware attacks worldwide.

A Superficial Denial

While other institutions globally acknowledge cyberattacks and work toward securing their systems and protecting user data, CNPS has opted for denial, despite overwhelming evidence to the contrary. The official statement from CNPS dismisses the data breach as "bogus," maintaining that their systems remain uncompromised. This position contrasts with best practices adopted by most organizations after such incidents, which typically include prompt communication, damage assessment, and mitigation strategies to safeguard user data.

Ransomware Evidence Available Online

Research into the attack reveals that CNPS is, in fact, listed as a victim of a ransomware attack on Ransomware.live, a platform that continuously scrapes ransomware group sites to detect new breaches. SpaceBears, the group responsible for the attack, claimed to have compromised CNPS’s data on July 29, 2024, and the breach was discovered on September 12, 2024. The platform includes CNPS’s name, logo, and full details about the breach, publicly contradicting the organization's denial.

The Cybersecurity Threat

The hackers are said to have obtained millions of user records, including employee and employer contributions, social security beneficiary data, and personal information like insurance details. These critical datasets are now at risk of being sold on the dark web if CNPS fails to meet the hackers' ransom demands.

Government Rigidity

CNPS's handling of the crisis highlights the challenges faced by entities operating under rigid governmental structures, where transparency and accountability can sometimes be overshadowed by a desire to maintain a flawless public image. In this case, the denial of an attack of this magnitude could further erode public trust, especially as the hackers themselves have openly claimed responsibility.

What’s Next?

The Cameroonian government and CNPS are now under pressure to address the growing concern over the protection of personal data. If no action is taken, millions of Cameroonians could suffer the consequences of identity theft, fraud, and more.