Media Statement issued by Pam Golding Properties 11 March 2025

Pam Golding Properties sincerely regrets that we have experienced a cyber incident that resulted in unauthorised access to some of the personal information stored on our customer relationship management (CRM) system hosted on our servers in South Africa.

This information pertains to some of our clients. It is important to note that no banking details, financial information, commercial information and/or other documents were compromised.

On Friday 7 March 2025, a third party (unknown to us at this stage), gained unauthorised access to our system using a user account.

As soon as we became aware of the security compromise, we took immediate action to secure our systems and removed all unauthorised access. While investigating the impact of this incident, we also immediately began implementing steps to contain the incident and prevent any further compromises.

We have notified affected clients/parties of the compromise in terms of the Protection of Personal Information Act (POPIA), and reported details of this matter to the Information Regulator as required by law. We have also reported it to SAPS and a case number has been allocated.

We are taking this incident extremely seriously and are taking numerous steps to contain the incident and prevent any further recurrence.

The affected user accounts have been secured, all active sessions have been terminated, and we have reset passwords for all our user accounts system-wide. We have reviewed all system access logs to determine the extent of the breach and identify any affected data. We are patching any potential vulnerabilities and reinforcing our security protocol, and implementing additional monitoring tools to detect and respond to any future potentially suspicious activity.

We have also appointed independent cybersecurity specialists to investigate the incident and will adopt any appropriate recommendations to further enhance our existing access control measures.

In our communication to affected clients, and while we are still investigating the full scope of the incident, we have made them aware of potential risks, namely:

• as a third party accessed our system using a user account, client information may have been viewed or queried,
• cybercriminals sometimes use stolen information to send fraudulent emails or messages, purporting to be from trusted sources, and
• if personal details were accessed, there is a small risk of identity fraud, although we have no evidence of misuse at this time.

Accordingly, we have advised affected clients to be cautious about clicking on links and providing sensitive information, including bank pins and user login passwords. We have cautioned them that if they suspect that a person other than one of our authorised agents is attempting to contact them or obtain their personal information, they should contact our Information Officer via informationofficer@pamgolding.co.za, or the agent they usually deal with.

We take client privacy and security, and our privacy commitments under POPIA very seriously and sincerely regret any distress or inconvenience this incident may cause. While we are still in the process of fully investigating this incident, we will be implementing additional security measures to protect all information and to minimise the effect of this security compromise.

For further information email informationofficer@pamgolding.co.za.

Frequently Asked Questions 

• What system was compromised?

Alchemy, our customer relationship management system.

• What specific personal information was compromised?

The information accessed by the threat actor is dependent on the type of information that we have stored on the Alchemy System for a particular client.  For example, your name and contact details, and in some cases, identity numbers. Any electronic copies of client documents provided to us were not accessed or viewed by the third party.

• What caused the compromise?

A threat actor outside of South Africa used a user account to gain access to our Alchemy System.  We are still in the process of gathering more information as to how access was obtained, and we have appointed cybersecurity specialists to investigate this further.

• Who accessed my personal information?

A threat actor, whose identity is currently unknown to us. We were able to determine that this third party is located outside of South Africa.

• What remediation measures have Pam Golding Properties taken to prevent future breaches?

We have taken immediate steps to contain the incident. At this stage, the system has been secured, and our security teams are continuously monitoring for any further suspicious activity. Pam Golding Properties has taken several remediation measures including:

• the affected user account password was changed and secured;
• all user passwords have been reset;
• all system access logs have been reviewed to determine the extent of the breach and identify any affected data;
• any potential vulnerabilities in the system will be patched and the security protocols will be reinforced;
• any additional monitoring tools to detect and respond to any future suspicious activity will be implemented; and
• independent cybersecurity specialists will be appointed to investigate the incident and provide recommendations for enhanced security and the appropriate recommendations of cybersecurity specialists will be adopted.
• What assurance can I have that this won’t happen again?

We conduct regular cybersecurity assessments but are aware that cybercriminals are continuously inventing new ways to gain unauthorised access to corporate systems.  Pam Golding Properties has enlisted the help of external cybersecurity consultants to investigate and to identify where further steps need to be taken to ensure that your data is protected from any further security compromises.  However, cybersecurity is an ongoing process, and we continue to strengthen our defences.

• How do I know what they have done with my information or if my personal information was misused?

At this point, we have no evidence that your personal information has been misused or shared publicly or on illegal platforms. We are working with cybersecurity experts to monitor for any potential misuse of the information. However, we encourage you to remain vigilant.  Be cautious of unsolicited communications requesting personal information. If you receive any further communications of this nature, please contact us immediately.

• Can they gain access to any of my bank accounts?

No. They were not able to access your banking details, financial information, commercial information and/or any electronic or physical documentation that you provided to us.

• Should I report this to the authorities myself?

We have already reported the breach to the relevant authorities, including the South African Police Service and the Information Regulator. However, if you notice fraudulent activity on your accounts, you may wish to report it to your bank or the police.

• Will I receive any further updates on this incident?

We will provide updates if there are any developments that affect you.

• Will this breach affect PGP’s services?

Our core services remain operational.  The security compromise did not have any impact on service availability.

Posted by The Know - Pam Golding Properties