Data breaches jeopardizing the lives of millions sounds like something made up for a nice Hollywood espionage drama or simply the rantings of the latest US fearmongering about why foreign hackers and the internet are bad. Well, sadly, this time it’s a lot closer to home as a reported massive data breach in South Africa has left millions of South Africans’ personal records exposed. I’ll stop the jokes there because this is definitely no laughing matter.
Tech Central, Times Live and iAfrikan are all reporting on a story where information security researcher Troy Hunt has claimed to have found a huge trove of data containing the personal information of as many as 30 million South Africans, including property ownership, employment history, income and company directorships. If you consider the number of credit-active South Africans out there, this is pretty much the entire population's confidential information that has been leaked publicly. If true, that makes this the worst data breach in the country's history.
South African followers: I have a very large breach titled “masterdeeds”. Names, genders, ethnicities, home ownership; looks gov, ideas?
— Troy Hunt (@troyhunt) October 17, 2017
Thankfully, there are no passwords included in this leak. Still, it is unnerving that strangers now have access to a lot of information you might consider confidential, the kind of thing people may want to go out of their way to hide from others. To be honest, this is the kind of stuff that companies and banks find out about people through the credit bureau, but generally, those are people you trust and don't mind having access to certain information. It's the dark underbelly we don't know that makes the release of data like this a dangerous one.
The biggest problem, as Hunt himself explains, is that all this data probably contains enough information to let would-be criminals obtain credit and commit identity theft, because they now know enough about you:
Let us assume that this is real data from real people. This is a very risky and dangerous development. Hackers can get access to ID numbers, names and physical addresses. That is the type of information cybercriminals use for identity theft.
Hunt has not just found the data but is trying to uncover the source of the leak. iAfrikan provides quite a detailed breakdown of this investigation, which reveals that it may not be a case of a data breach by some hacking group looking to profit off people's fears. Some suggest it's a leak from a company called Dracore Data Sciences, which essentially acts as a middleman for companies like estate agencies and the credit bureaus, gathering information for those that require it. Dracore, however, asserts that it is not responsible for the leak.
I called this a leak above because right now it's not clear whether this was a deliberate act by the service provider or an act of negligence. Either way, this is information that should never be made public.
The responsible company (which seems to be a company called Jigsaw Holdings) has not confirmed anything officially up to this point and there are likely to be more updates on this story as we learn more. There will undoubtedly be consequences to these actions, whether criminal or not, but unfortunately the real victims here are South Africans.
What I would suggest we all do in the interim, though, is monitor all of our accounts closely and regularly so that we can more readily detect whether our data has been compromised in any way. Troy has also since answered just about every question you may have. Read it here.
Last Updated: October 19, 2017