The South African National Roads Agency (Sanral) has denied it suffered a widely-reported breach, or leaked any personal information. E-mails from Sanral have made this claim in the wake of multiple breaches of its user data, and repeated calls for the agency to alert its customers that their data may have been compromised. ITWeb has received copies of e-mail correspondence allegedly between Sanral and an e-toll user in which the user requested clarification on the agency's security breaches and asked whether his details had been exposed.Sanral's responses included this statement: "Please be advised that we have not received any communication with regards to a security breach, hence we have no knowledge of a breach thereof […] Your details are safe, because we have international best practice security systems in place." Another e-mail states: "Please be advised that your account details are safe. Note that the e-toll system has international best practice security systems in place; including protective measures to ensure that road user e-toll account details remain secure." Sanral refused to answer queries asking it to confirm or deny the statement or its claims. The agency, which has failed to respond to several queries from ITWeb journalists in recent weeks, sent a terse message stating it will no longer respond to media queries. The message, sent on behalf of Sanral spokesman Vusi Mona, states: "In light of your publication admitting to hacking into our system, Sanral will no longer cooperate with ITWeb as you are dealing with us in bad faith." ITWeb, in the course of routine investigation into the previous breaches, took steps to confirm the Web site flaws existed and were vulnerable, and had ensured Sanral, and any users involved, were appropriately notified. Aside from that tacit admission that it knew ITWeb had reported on several breaches, the suggestion it has no knowledge of a breach is a surprising U-turn. Several executives, including spokesman Vusi Mona, previously acknowledged the attacks, describing the agency as being the victim of "cyber attacks" and "deliberate exploitation".Sanral also previously said it would take legal action in the wake of the cyber attack, but did not explain who it would seek recourse from. "Sanral is currently investigating options available to it," it said at the time.