Transnet cyber attack confirmed: Port terminals division declares force majeure

‘Security intrusion and sabotage’ a major blow, but group now says ‘significant progress has been made in restoring Transnet SOC Ltd IT systems’.
The unit is one of Transnet’s biggest, handling container cargo at the ports in Durban (pictured), Cape Town, Ngqura and PE. Image: Supplied

In an unprecedented move, Transnet Port Terminals (TPT) declared force majeure on Monday following the ongoing fallout from a cyber attack last week which hit the entire Transnet Group, South Africa’s state-run ports operator and freight rail monopoly.

While the group has tried to play down the hacking – initially describing it as a “disruption on its IT network” – TPT’s confidential force majeure letter to customers on Monday confirmed that it is “an act of cyber-attack, security intrusion and sabotage”.

Cyber attack: Union wants ‘decisive action’ to protect Transnet
Cyber hack hits Transnet’s operations

Moneyweb has a copy of the force majeure notice and its veracity has been confirmed by several Transnet and logistics industry sources.

The letter is titled ‘Declaration of force majeure for Transnet Port Terminals container terminals in the Ports of Durban, Ngqura, Port Elizabeth and Cape Town – confidential notice to customers’. It was sent out by TPT chief executive Velile Dube.

This confirms a major blow for Transnet Group, with TPT being one of its biggest and most important divisions.

The force majeure letter that Transnet Port Terminals (TPT) sent to customers on Monday, 26 July.

TPT operates the container handing facilities at Durban – sub-Saharan Africa’s busiest container port – as well as container terminals in Cape Town and the Eastern Cape ports of Ngqura and Port Elizabeth.

Websites still down

On Monday, the websites of Transnet and its divisions were still offline – for the sixth day.

The group had resorted to a manual system in an effort to continue to operate key divisions, such as TPT. However, with further trucking delays, especially at the Port of Durban (which handles over 60% of South Africa’s container traffic), TPT seems to have had no option but to institute “force majeure” on Monday.

“This serves as notice of declaration of Force Majeure event, which occurred on 22nd July 2021 and continues to persist, when Transnet, including TPT, experienced an act of cyber-attack, security intrusion and sabotage,” the letter states.

It adds that this has “resulted in the disruption of TPT normal processes and functions or the destruction or damage of equipment or information”.

“Investigators are currently determining the exact source of the cause of compromise and extent of the ICT data security breach/sabotage. Transnet is implementing all available and reasonable mitigation measures to limit the impact of this compromise,” the letter further states.

“Accordingly, TPT hereby invokes the provisions of clause 11.1 read together with clause 11.2.11, of the TPT Conditions of Trade and as TPT is prevented from, or delayed in performing any of its obligations under such Conditions of Trade or such commercial agreements in respect of the Container sector, hereby gives notice of an FM [force majeure] Event declaration with immediate effect,” Dube explains in the notice.

Vital links taken out of the supply chain by unrest and looting
No major improvement in Durban Port efficiencies, says organised business

“TPT’s [relief] from liability stipulated herein will remain in full force and effect despite the implementation of the mitigation measures detailed herein,” he adds.

“In keeping with the provisions of clause 11 of the TPT Conditions of Trade, TPT has put certain mitigation measures in place to ensure operations at the container terminals are still running albeit slower than expected.”

“One such measure is to ensure that a manual system has been put into place for the loading and discharge of containers. Further, in the event that any damage occurs during operations customers will be notified using a manual process which will be confirmed via email as soon as TPT systems are up and running again,” it notes.

Dube gave further details of how TPT would be treating berthing as well as imports and exports at the affected container terminals while the IT system remains offline.

Public Enterprises Minister Pravin Gordhan is yet to comment publicly on the cyber attack at Transnet, but Moneyweb understands that he has had urgent meetings with Transnet executives, including group CEO Portia Derby, regarding the issue.

Gordhan’s department also has the issue of Mango Airlines going into business rescue this week to deal with.


Down to two planes, Mango should’ve been in business rescue with SAA

Mango Airlines to enter business rescue, says SAA interim CEO

With questions swirling on whether the Transnet hacking was linked in any way to the recent riots, looting and sabotage in KwaZulu-Natal and parts of Gauteng, acting Minister in the Presidency Khumbudzo Ntshavheni initially said during her briefing on the situation in KwaZulu-Natal last Thursday that government was investigating if the two were related.

However, in her briefing on Friday, she said that government did not believe the security breach at Transnet is linked to the unrest.


Transnet group spokesperson Ayanda Shezi issued a statement on Tuesday saying: “Significant progress has been made in restoring Transnet SOC Ltd IT systems, with most of the affected applications up by Monday 26 July 2021.”

She conceded that TPT had issued a force majeure notice on 26 July 2021 to customers, for the period from 22 July 2021. However, Shezi noted that the force majeure “is expected to be lifted soon”.

“It is expected that some applications may continue to run slowly over the next few days, while monitoring continues. All operating systems will be brought back in a staggered manner, to minimise further risks and interruptions,” she explained.

“At the ports, each container terminal has communicated its transition plan from manual operation to the full Navis-driven operation [Navis is a container handling software operating system that TPT uses]. The terminals are berthing vessels as planned and facilitating loading and discharge operations with the shipping lines,” she added.

“We will continue to work directly with shipping lines in order to facilitate maximum import evacuation and further exports planned for future vessels. Controls have been developed, in conjunction with the shipping lines and the SA Revenue Services’ [Sars] customs division to ensure safe clearance and evacuation of each container,” Shezi pointed out.

Meanwhile, Shezi stressed that salaries of Transnet employees have been processed on schedule.

“There was never a doubt that as an organisation we will not honour our obligation to our employees,” she said.

Shezi further noted that the business continuity plans at Transnet Freight Rail (TFR) enabled the division to continue “utilising manual backup operations, and run trains as planned”.

She assured stakeholders and customers that all processes followed allow for the safe operation of trains.

“We have requested customers with cross-border traffic and where the Sars clearance process is applicable, to submit hard copies of the Sars clearance documentation with their consignment noted at the Order Entry Office/Terminals. This will assist in the manual system application to authorise the departure of trains,” she said.

“Transnet will continue to engage and collaborate with affected customers. A further update will be provided once full operations resume,” Shezi added.



Sort by:
  • Oldest first
  • Newest first
  • Top voted

You must be signed in and an Insider Gold subscriber to comment.


Just another brick to pave the ANC road to perfection. Failed State.

In this case I would strongly disagree with you Pelz-ebub. Major public infrastructure like gas pipelines in the US, public hospitals in Ireland have been cyber-attacked, SA is just joining a global trend. The only difference could be the motive, in this one I smell a rat, it could be one of Zuma’s saboteurs trying to cripple the economy by blackmailing the government to release him from jail.

Then at very least have a backup/ fallback plan. It’s day 5 and not 1 container has left or entered our Ports yet!! Have we any idea what this effect has on our GDP. I for one,as one miserable little truck owner has lost R600 000-00 worth of turnover in this time. Funny thing is that the Manual system that we operated with before this Navis system was more efficient but did not cover the “theft” element from mainly inside jobs!

Commercialism is not the socialist ANC’s game, let’s be honest about that!

According to the radio this hack started at the same time as the insurrection. Maybe it is Russia or China?

…cannot disagree but to throw in this scenario..

The ANC is drunk on “On Tap” money…and its beginning to run dry

I would not put it past them Hacking the infrastructure, paying over ransom and “scurrying” the money into fictitious a/c

Loadshedding causing all HQ’s PCs to switch off is hardly a “cyber attack”.

Any possibility this is linked to the 800 000 rounds of ammunition missing from the container depot? (800 000 that was reported – could it be more?)

God forbid- and hopefully nobody left any ammonium nitrate/ old fertilizer lying around like Beirut and Texas.

Any possibility it’s linked to secretive, repeated medical treatment trips to Russia by a very high-ranking ANC politician in SA…..??

Very funny indeed. Hahahahaha

There has been a disturbing trend in Europe where the IT systems of companies (big and small) are being shut down/hi-jacked by hackers who then demand a ransom before they restore any form of functionality or release any of the stolen data. It’s a threat everywhere.

You noticed this now? In Europe?

You noticed this now? In Europe?

Also in the United States. Two scenarios;
1. Non-political to secure a ransom, and
2. Politically driven to influence the outcome of elections, hit key state machinery like military installations, etc

Let’s be optimistic and assume that next month there will be no more force majeure events in South Africa. It would be sad to see a trend develop.

Nah, next month we will have yet another public holiday, once again adding to our stop/ start stuttering economy’s woes, then another one in September, when SA can ill afford to lose an hour let alone days!

But the sun will come up and grow the bananas.

Eishhhhh has been replaced by Force Majeure, expect to hear it a lot more in future… this 2 word phrase speaks to collective “responsibility”

Search You tube for North Korean Cyber army. Its just that our Govt. SOE’s are soft targets. Always sleeping on the snooze button.

all these screw-UPs…. the people don’t even understand when they call for computing support…. listen here…. “press any key” on the keyboard!!!

Just after Cyril and his Merry Men decided to Split it into 2 Seperate Divisions !!! Mmmmm !
Lets face it we are well and truly a third world Shambles now .
Next the Banking Sector will get hacked and we will completely Stuffed

“Force Majeure” is used very loosely in this instance. Soon, a senior manager getting a flat tyre on the way to work will also be called Force Majeure.

It is important to distinguish between “business continuity” planning (ie business contingency planning) and the legal term “Force Majeure”.

Indeed. they failed to develop a proper BCP and now call it force majeure. It’s not an act of God, but failure to take care of business and not admitting it…

Wonder if Ryan Joffe’s Moldavian ex is also hustling Transnet here? Prob asking a tad more than the R500 k she wanted from the lovely nasal man-baby

Cyberattack from Rwanda

Why Rwanda?
Far more likely from RUSSIA…(and we all know who is currently in that country for undisclosed, prolonged “medical treatment” AGAIN……

End of comments.



Subscribe to our mailing list

* indicates required
Moneyweb newsletters

Instrument Details  

You do not have any portfolios, please create one here.
You do not have an alert portfolio, please create one here.

Follow us: