The Passenger Rail Agency of South Africa (PRASA) reported a loss of 30.6 million rand (US$1.6 million) due to a phishing scam in its annual report. The agency has recovered more than half of the stolen money and the case remains under police investigation. The attack has raised concerns about the vulnerability of railway networks to cyber threats. Security experts emphasized the need for organizations to address insider threats and fortify their cybersecurity measures to protect against various types of attacks. Partnering with technology specialists is also seen as a way for railway operators to enhance their cybersecurity resilience.