Massive release of private data puts millions of South Africans at risk of identity theft

3 min read
15

Data breaches jeopardizing the lives of millions sounds like something made up for a nice Hollywood espionage drama or simply the rantings of the latest US fearmongering about why foreign hackers and the internet are bad. Well, sadly, this time it’s a lot closer to home as a reported massive data breach in South Africa has left millions of South Africans’ personal records exposed.  I’ll stop the jokes there because this is definitely no laughing matter.

Tech Central, Times Live and iAfrikan are all reporting on a story where information security researcher Troy Hunt has claimed to have found a huge trove of data, containing the personal information of as many as 30 millions of South Africans, including property ownership, employment history, income and company directorships. If you consider the amount of credit-active South Africans out there, this is pretty much the entire population’s confidential information that has been leaked publicly. Which if true, makes this the worst breach of data in the country’s history.

While thankfully, there are no passwords included in this leak, people having access to a lot of information you might consider confidential is unnerving and something which people may want to go out of their way to hide from others. To be honest, this is the kind of stuff that companies and banks find out about people through the credit bureau, but generally, those are people you trust and don’t mind having access to certain information. It’s the dark underbelly we don’t know that makes the release of data like this a dangerous one.

The biggest problem as Hunt himself explains though is that within all this data is probably enough information to provide would be criminals with access to credit and identity theft because they now know enough about you:

Let us assume that this is real data from real people. This is a very risky and dangerous development. Hackers can get access to ID numbers‚ names and physical addresses. That is the type of information cybercriminals use for identity theft.

Hunt has not just found the data but is trying to uncover the source of the link. iAfrikan provides quite a detailed breakdown of this investigation which reveals that it may not be a case of data breach by some hacking group looking to profit off people’s fears. Some suggest it’s a leak from a company called Dracore Data Sciences, who essentially acts as a middleman for companies like estate agencies and the credit bureaus in gathering information for people that require it. They, however, assert that they are not responsible for the leak.

I called this a leak above because right now, as it’s not clear if this was a deliberate act by the service provider or an act of negligence. Either way, this is information that should never be made public.

The responsible company (which seems to be a company called Jigsaw Holdings) has not confirmed anything officially up to this point and there are likely to be more updates on this story as we learn more. There will undoubtedly be consequences to these actions, whether criminal or not, but unfortunately the real victims here are South Africans.

What I would suggest we all do in the interim though is monitor all of your accounts closely and regularly to detect more readily if your data has been compromised in any way. Troy has also since answered just about every question you may have. Read it here. 

Last Updated: October 19, 2017

Craig Risi

A man of many talents, but no sense how to use them. I could be discovering the cure for aids or finding ways to achieve world peace, but I’d rather be watching movies and writing here instead.

  • For the Emperor!

    Yeah, this is some scary stuff.

  • Alien Emperor Trevor

    Got an email yesterday warning me that my email addy was discovered in this. Dunno what other info of mine is floating around in it.

    • Ir0nseraph

      I registered , and checked my email didn’t pop up but it’s early days.

    • HvR

      Same here

      Already had 2 incidences this year of people trying to register loans or cellphone contract on my name. Luckily FNB was on the ball and stopped it in both cases

  • Gr8_Balls_o_Fire

    This is one instance where being poor is good.

  • Jacques Van Zyl

    Weeeeell, this sucks.

  • MonsterCheddar

    Why would a hacker sit with a balaclava on?

    #alwaystheimportantquestions

  • Craig “CrAiGiSh” Dodd

    Well shiiiiieeeettt ….

  • Magoo

    That header image is extreme though.

  • Nikola

    This is a major issue and this is something I actually work on most leaks happen internally where people in IT eg developers have access to real data and in a non protected environment like a DEV or QA database there is no auditing they can extract most of your information, there is a law being passed at the moment called POPI that will require all company to comply by 2019 I think. What like we do is data masking is protecting all the sensitive data from anyone who has access to this data.

    • Magoo

      , , , , , , , , , , *

      I agree though.

  • Knowing my luck someone is going to steal my identity and apply for a homeloan with FNB and get it approved… because those bastards refused to help me 😛

Check Also

Hackers are using dodgy subtitles to worm their way in to computers

Use Kodi, VLC, or PopcornTime to watch movies or shows with subtitles? Your computer could…