NAMPAK LIMITED - Voluntary Announcement to Market: Cyber Incident
26 March 2024 16:20
Voluntary Announcement to Market: Cyber Incident

NAMPAK LIMITED
(Incorporated in the Republic of South Africa)
(Registration number 1968/008070/06)
Ordinary Share Code: NPK
Ordinary share ISIN: ZAE000322095
6.0% Preference Share Code: NPKP ISIN: ZAE000004958
6.5% Preference Share Code: NPP1 ISIN: ZAE000004966
LEI: 3789003820EC27C76729
("Nampak" or "Company")


VOLUNTARY ANNOUNCEMENT TO MARKET: CYBER INCIDENT

On 20 March 2024 Nampak detected unauthorised activity on its IT systems. An
unknown third-party gained access to its IT systems, notwithstanding the
Company's robust and embedded security protocols. The Company immediately
took the necessary steps to contain, assess and remediate the incident.

Nampak is taking the necessary measures to determine the scope of the
compromise, to restore the integrity of its information systems and to ensure
that it is not exposed to further risk. The Company has retained local and
global cybersecurity and forensic experts to work with its capable in-house
IT team to manage this process.

In line with the Company's business continuity plans, Nampak has switched
over to its backup manual compensating controls and continues to function
using these processes. This breach has not affected the manufacturing
facilities and operations which are functioning as normal, albeit with some
manual operating systems where required. The Company will work with its
suppliers and customers to ensure that the impact of the incident is
contained, and it is able to continue delivering products as required.

Nampak is aware of its obligations under the Protection of Personal
Information Act (POPIA) and an initial notification has already been made to
the Information Regulator. This will be supplemented as the investigation
progresses, and a notification to potentially affected data subjects will be
made as soon as possible, in accordance with POPIA requirements. The Company
will cooperate with the authorities as and when required. Nampak regularly
reviews and strengthens its cybersecurity policies and procedures, and
technological capabilities, to mitigate against the ever-evolving cyber risk
landscape.


Bryanston
26 March 2024

Sponsor:
PSG Capital

Date: 26-03-2024 04:20:00
Produced by the JSE SENS Department. The SENS service is an information dissemination service administered by the JSE Limited ('JSE'). 
The JSE does not, whether expressly, tacitly or implicitly, represent, warrant or in any way guarantee the truth, accuracy or completeness of
 the information published on SENS. The JSE, their officers, employees and agents accept no liability for (or in respect of) any direct, 
indirect, incidental or consequential loss or damage of any kind or nature, howsoever arising, from the use of SENS or the use of, or reliance on,
 information disseminated through SENS.