Data Subject Notification

1. This is a notice by Cochrane Steel Products (Pty) Ltd (“Cochrane“/”we“/ “our“)to inform our customers, suppliers and employees (“data subjects“) that Cochrane recently suffered a third party cyber incident affecting our systems which resulted in unauthorised access to data.

2. Accordingly, this notice serves as notification, in terms of section 22 of the Protection of Personal Information Act, No. 4 of 2013 (“POPIA“), to Cochrane’s data subjects.

3. Cochrane immediately undertook a cyber investigation into the incident, engaging forensic experts and also implemented additional security measures to protect against data loss and future unauthorised access to our systems and have strengthened security measures against future cyber incidents. 

4. The latest findings in the investigation have revealed that some data has been exfiltrated and that those exfiltrated data sets are likely to contain personal information.

5. As the investigation is ongoing, at this stage we do not know the extent to which personal information may have been accessed nor the identity of the perpetrator who may have acquired the data containing personal information.

6. Out of an abundance of caution, we are notifying all our data subjects of this incident in order to ensure that they are able to take the necessary precautions to avoid any potential adverse consequences from this incident and to be on the alert for any possible scams or fraudulent activity.

7. Cochrane values the privacy of data subjects whose personal information it processes and deeply regrets that this incident occurred. For further information and assistance, please contact:

Jennifer Leigh Cochrane, Information Officer

compliance@cochraneglobal.com

+27 11 593 0400