EXECUTIVE SUMMARY:

South African power giant, Eskom, made headlines this week when security researchers found that the company had not only succumbed to a data breach, but that the company had also been attacked by a Trojan malware program.

According to BleepingComputer, the company supplies 95 percent of South Africa’s electricity and nearly 45 percent of the electricity in Africa.

When one researcher tried to inform Eskom of the breach via Twitter, they essentially hit a wall:

Eskom first said that the user mentioned in the tweet did not belong to its system. After investigating, the company retracted its initial statement. Eskom has yet to discern whether the attacker is internal or external.

Adding insult to injury is the fact that another security researcher found unsecured public records belonging to Eskom freely floating across the world wide web. The records contained redacted payment information, meter information, and other sensitive details. After four weeks of sending emails, and direct Twitter messages to Eskom, the security researcher posted an image of the unsecured data on Eskom’s Twitter feed to catch the company’s attention.

Eskom has said that they are investigating the matter.

The lax response is something that has been all too common in recent years. The lesson that is being learned time after time: Cybersecurity cannot be an afterthought. In an age where everything is connected and anyone can access powerful cyberattack tools or services, preventive cybersecurity needs to be at the forefront.

Get the full story at BleepingComputer.