A Nigerian threat actor calling itself Nullsec Nigeria, also known as Anonymous Nigeria, says it has breached South Africa’s Department of Correctional Services and is threatening to leak stolen data unless what it calls xenophobic attacks on Nigerians come to an end. The claim adds a cyber dimension to a diplomatic and social crisis already inflamed by anti-foreigner violence and rising regional tension.

The group made the allegation on its Telegram channel and on a hacker forum, where it accused South African authorities of failing to protect Nigerians. It claimed the department could not “correct the citizens” and said it would expose more information if its demands were ignored.

Sample documents posted as proof

As part of its claim, Nullsec Nigeria shared a link to documents it said were taken from the department. These included bid invitation notices, bid results, copies of bids received and a notice of a bid award in several formats.

The group also claimed the data haul was much larger than what it had posted publicly. In one message, it said the material amounted to about 11GB, but that it had only released a small portion. Those claims have not been independently verified in the information provided.

The Department of Correctional Services did not immediately respond to questions about the alleged breach or the hackers’ demands. That leaves the public with a serious claim, visible sample files and no official confirmation yet from the department itself.

Broader South African targets also named

Nullsec Nigeria said the operation forms part of an “OpSouthAfrica” campaign. It also claimed responsibility for breaching other South African entities, including Ephraim Mogale Local Municipality. In that case too, it threatened to expose internal material as punishment for what it described as anti-Nigerian violence and indifference from the South African state.

That suggests the group is trying to turn political anger into coordinated digital pressure. Whether all of its breach claims are genuine remains unclear, but the messaging is blunt: if the South African government does not act, more disclosures may follow. That is an inference based on the group’s public threats and the way it framed the campaign.

Political fallout already runs deep

The cyber threats come after Nigeria announced plans to bring some citizens home from South Africa following violent protests over foreign nationals earlier in May. President Cyril Ramaphosa has since condemned the attacks, saying they do not represent either the South African people or government policy. He described those behind the violence as opportunists exploiting real grievances under the false banner of community activism.

For now, South Africa is facing pressure on two fronts at once: unrest on the ground and cyber retaliation online. If the breach claims are confirmed, the issue will no longer be only about public order or diplomacy. It will also be about state cybersecurity and whether political tension is now spilling directly into government systems.