Lottery paid R500,000 to company to probe computer breach that never happened

Forensic auditors found several red flags in the payment to Neo Solutions

By Raymond Joseph

6 February 2025

The National Lotteries Commission paid nearly R500,000 to a private company to investigate a computer breach that never happened. Archive photo: Ashraf Hendricks

• In 2020 the National Lotteries Commission (NLC) paid R498,000 to a private company to investigate a computer software breach that never happened.
• The company, Neo Solutions, is headed by controversial businessman Vivien Natasen.
• The amount paid was just under the R500,000 limit above which the NLC would have had to put the job out for tender.
• The new NLC board commissioned an investigation by TSU Investigation Services, which recommended that those involved in the transaction be reported to the police.

The National Lotteries Commission (NLC) paid almost half a million rand in 2020 to a private company to investigate a computer breach that never happened.

Neo Solutions, headed by controversial businessman Vivien Natasen, was hired to investigate a suspected breach of a software system called BoardEffect, and to undertake a “cybersecurity assessment” of the NLC’s computer systems.

The hack-that-never-happened was treated as a “cybersecurity emergency” leading to the appointment of Neo at a fee of R498,000, just R2,000 below the level at which the NLC would have had to put the job out for tender.

Neo was appointed on 7 May 2020. It invoiced the NLC for its work on 28 September.

Neo has earned R26-million as a service provider to the NLC, including for the supposed “cybersecurity breach”, according to answers supplied in response to a 2022 parliamentary question.

Neo played a key role during the adjudication of the last Lotto licence, which was awarded to current holders, Ithuba, in 2015.

The company was paid almost R22.7-million for the “end-to-end project management of the third national lottery licence RFP [request for proposals] and decommissioning thereof”. It was also paid almost R3-million for “knowledge harvesting” from the licence RFP process.

This time, Natasen is on the other side of the fence in the hotly-contested battle for the eight-year, multi-billion rand fourth licence, with Business Day reporting in September last year that he is linked to a bid by Giya Games RF.

An independent audit by TSU Investigation Services into work done for the NLC by Neo between 2014 and 2016, involving the previous lottery licence award in the 2016/2017 financial year, and the hack probe in the 2020/2021 financial year, was commissioned by the new NLC board after it was appointed in 2022.

In its report, dated 23 June 2023, TSU said of the security breach contract that “given the context of this transaction, we believe that there may be an element of criminal conduct involved and that the NLC should strongly consider reporting the transaction and all employees involved in recommending and approving the transaction to the South African Police Service for further investigation”.

GroundUp has reported that Neo contributed R2-million towards a luxury mansion for Alfred Nevhutanda, the NLC’s former board chairperson. Natasen previously told GroundUp that the company was cooperating with the Special Investigating Unit (SIU) investigation involving Nevhutanda’s house.

Another of Natasen’s companies, Pcubed Exotica, bought a Rolls Royce Phantom paid for with lottery funds from Nevhutanda less than three months after he purchased it for R6.3-million from a Sandton dealership. This is also being probed by the SIU.

Red flags

TSU found numerous red flags in the appointment of Neo to investigate the supposed computer breach, as well as the earlier work it was hired to do by the NLC. It found “several glaring and dubious inconsistencies” in the appointment of Neo.

“Given the fact that no supporting documentation was provided to us explaining how the figure of R498,000 was made up and the fact that no final report was generated during the Auditor-General’s audit, we hold the strong belief that there may be criminal conduct involved in the appointment of Neo Solutions,” TSU said.

The NLC subsequently reported the matter to SAPS, one of numerous matters reported to the police since the new Board and executive were appointed in 2022 and early in 2023. Several of the people involved in approving the contract have resigned, some while facing internal disciplinary charges.

The SIU has already uncovered over R2-billion in dodgy grant allocations since it was mandated in 2020 in terms of a Presidential Proclamation to investigate the NLC. It has yet to investigate procurement fraud and corruption, as its terms of reference only allow it to investigate fraud and corruption involving lottery grants.

TSU’s probe uncovered multiple “inconsistencies”, including:

• While there were “several entities that appear to be linked to Neo Solutions …none of these companies perform the services required by the NLC”.
• Natasen had appeared before the State Capture Commission on allegations of money laundering in allegedly corrupt transactions involving SA Express. In its final report, the Zondo Commission recommended that the authorities consider prosecuting Natasen for “money laundering” and “the use of the proceeds of crime”.
• Under these circumstances, the NLC had “placed the already fragile reputation at risk by transacting … with Neo Solutions”, which is alleged to have received about R10-million through “less than transparent payments by South African Express Airways”.
• “[S]imple due diligence by the NLC would have revealed the risks of reputational damage associated with conducting business with Neo Solutions,” TSU said.
• The amount paid to Neo was “strangely just below the limit of R500,000 which would otherwise require a public bidding tender” in terms of the NLC’s supply chain management policy. The difference of R2,000 appears to be a deliberate attempt to circumvent the need to seek approval from National Treasury, TSU said.
• The NLC’s purchase order was only approved on 27 October 2020, but Neo’s invoice for the work was dated 28 September 2020.
• Neo invoiced for “an IT assessment and advisory based on an interim report, with no final report provided”.
• The invoice submitted by Neo to the NLC had “no branding, logo or form of identifying the business”.

“Emergency”

“The NLC treated the BoardEffect security incident as an emergency, which led to a deviation from normal procurement processes,” TSU reported. It said that the NLC appointed Neo Solutions to do an independent investigation, even though BoardEffect and the Commission’s own internal audit “had already started investigations at no cost”.

As soon as it was informed of the possibility that the system had been hacked, BoardEffect immediately began investigating. It found that there were no vulnerabilities in its system and informed the NLC that the scare stemmed from the NLC’s local setup and policies and was not the result of a breach of the BoardEffect platform. It told the NLC that it “should not be concerned”, TSU said.

Mothibi Ramusi, at the time the NLC’s chief information officer, told TSU that he realised “after a day or two” that an email that sparked the hacking scare was not harmful.

But in spite of BoardEffect’s findings and the NLC independently ascertaining that there had been no hack, the NLC nevertheless proceeded to appoint Neo Solutions to do an independent investigation, raising questions about the necessity and cost of this intervention.

Ramusi - who left the NLC last year after his contract was not renewed - was only informed of Neo’s appointment by former NLC Commissioner Thabang Mampane after it had happened.

Natasen did not respond to our request for comment.