---

South Africa's largest bank by assets is dealing with the fallout of a significant data breach after a threat actor published stolen client data online and demanded one bitcoin, worth approximately $74,331 (around R1.4 million) at current prices, to stop releasing further records. Separately, AI data services firm Sama formally notified 1,108 employees at its Nairobi delivery centre on April 16 that their positions would be made redundant at the end of April, after Meta terminated its data annotation contract with the company.

Standard Bank: Data Published, Ransom Unpaid

Standard Bank first disclosed the breach on March 23, 2026. A hacker using the handle "ROOTBOY" claims to have maintained access inside the bank's network for roughly three weeks beginning in late February before extracting approximately 1.2 terabytes of client data. The stolen files include names, ID numbers, company registration details, contact information, account numbers, and a limited set of credit card numbers and expiry dates. CVV numbers were not among the compromised data, according to the bank's official update. Standard Bank has over 9 million active retail clients, and analysts cited by TechCentral have described the incident as one of the most serious financial services data breaches in South African history.

The bank confirmed its core systems remain functional. "Our banking systems were not impacted. They remain secure and operational," the bank stated. It added that it is directly contacting affected clients and proactively replacing credit cards as a precaution: "CVV numbers are not impacted."

By April 16, ROOTBOY had published the exfiltrated data online. MyBroadband reported that ROOTBOY's ransom demand had been posted to a dark web forum. The staged data release represents a shift from the conventional ransomware model toward a prolonged extortion strategy. At 1 BTC, the demand is relatively modest in financial terms. Bitcoin traded near $74,331 on April 16, well below its all-time high of $126,198 set in October 2025. Standard Bank has not confirmed whether any payment was made, and no on-chain transaction linking the bank to the attacker's wallet has been independently verified.

South Africa's Information Regulator opened a formal investigation and requested supplementary information from the bank. One day after the parent company's disclosure, Liberty Group, a Standard Bank insurance subsidiary, disclosed a separate breach of its own. The near-simultaneous incidents have raised questions about shared infrastructure or coordinated attacks, and have placed the regulator under pressure to demonstrate that the Protection of Personal Information Act carries meaningful enforcement weight. Non-compliance with POPIA can result in fines of up to R10 million or imprisonment. The regulator received 1,607 breach notifications in just six months between April and September 2025, a 60 percent increase year-on-year.

The breach does not stand alone. South Africa's Land and Agricultural Development Bank was hit by a ransomware attack in January 2026, and INTERPOL's Operation Sentinel, conducted across Africa in late 2025, linked cybercrime syndicates to financial losses exceeding $21 million. These incidents sit within a broader global pattern: Chainalysis data shows global ransomware payments reached $820 million in 2025, down 8 percent year-on-year, while TRM Labs reported that total illicit crypto activity climbed 145 percent over the same period to $158 billion. Both figures reflect worldwide activity rather than South Africa specifically, but they illustrate the scale of the threat environment in which this breach occurred.

Sama: Meta's Exit Eliminates Nairobi's Largest AI Workforce

More than 1,100 workers at Sama's Nairobi office received formal redundancy notices on April 16 under Section 40 of Kenya's Employment Act 2007. Their contracts conclude at the end of April. Sama, a certified B-Corp that also holds contracts with Google, Microsoft, Ford, and General Motors, said it attempted to negotiate continued operations with Meta but did not succeed.

The Nairobi centre employed workers in data annotation, image and video labelling, conversation review, and AI model training tasks. It was among the largest AI data services operations in Sub-Saharan Africa by headcount, making this one of the most significant single-company tech layoff events on the continent in 2026. Annepeace Alwala, Sama's Kenya Country Lead, said: "Our immediate priority is supporting our employees through this change and ensuring continuity across our broader operations."

The human stakes of the layoffs extend beyond the immediate numbers. A 2023 TIME investigation documented serious mental health consequences for Sama's Kenyan content moderators who were required to review violent and graphic material for Meta, raising lasting questions about the duty of care owed to these workers. Labour advocates also note that affected employees have limited recourse when a client contract simply ends, despite Sama's stated commitment to living wages and benefits. That structural vulnerability sits at the core of the Kenya story: workers bear the full risk of client decisions they have no part in making.

The layoffs reflect a wider contraction across the global tech sector. Nearly 80,000 jobs were cut in Q1 2026, with close to half attributed to AI-driven restructuring. Meta's decision is consistent with a pattern among large technology companies consolidating annotation work in-house or turning to synthetic data generation, which reduces reliance on human labellers. As an editorial observation, the situation carries a pointed irony: the workers who trained AI systems are among those now most exposed to displacement by the capabilities those systems have since developed, though the direct causal relationship between any specific workforce and the automation supplanting it is rarely straightforward.

What Comes Next

For South Africa, the Standard Bank breach is a test of whether POPIA has the institutional force to hold large financial institutions accountable. For Kenya, the Sama layoffs expose the structural risk of building a national employment strategy around outsourced AI services when contracting decisions sit entirely with Silicon Valley firms. Both stories point to the same underlying reality: Africa's growing digital infrastructure is both a target and a dependency. In this publication's view, neither risk has been adequately priced into the policy and investment frameworks governing the continent's digital economy.