Guiding consumers since 2009

Data breach affects millions of South Africans

By Isabelle Coetzee

Last week it was established that the personal information of over 30 million South Africans had been publically available for at least seven months.

Troy Hunt, who’s an Australian regional director for Microsoft, received a file from an anonymous source in March this year containing this data.

Hunt specialises in security training for online systems and, in his spare time, he runs a free online service called Have I been Pwned (HIBP). This site offers users an opportunity to find out whether their personal data has been breached or not.

In line with this, Hunt receives hundreds of files, often from anonymous sources, which he deciphers in his free time. 

This particular file, titled Master Deeds, was only examined by Hunt last week and, after some digging, he established that it contained the personal information of the majority of South Africans, including ID numbers and contact details.

In collaboration with Tefo Mohapi, founder and CEO of iAfrikan, the source of the data was attributed to a data science company Dracore, and the leak may have come from one of their clients, Jigsaw Holdings.

Mohapi ensured that the file was removed from the public site last Wednesday, but it’s impossible to say how many people already accessed the Master Deeds file before then.

What is identity theft?

According to Claude Langley, business development manager in Africa for HID Global, identity theft is one of the fastest growing crimes in Africa.

“Identity theft is the deliberate use of someone else's identity, usually as a method to gain a financial advantage or obtain credit and other benefits,” he explained. 

If someone can access your personal information, then they have the necessary tools to steal your identity.

“Identity theft is a concept that most South Africans are aware of but unfortunately unless they are directly affected by it, it seems they are not taking it seriously enough,” said Langley. 

“Once you realise that your identity has been compromised and someone has taken out a cell phone contract or bank loan in your name, it may take months to rectify,” he added.

Langley pointed out that mail theft is one of the easiest methods criminals use to steal your identity.

“Syndicates will actually pay in order to sift through your rubbish and fish out personal information. Their return on investment can be substantial if they are able to successfully replicate a person’s identity,” he said. 

In additional to this, identity thieves may obtain your phone number and thereby make unsolicited calls to you – claiming to be from your bank, SARS, etc.

“If they have some personal information about you such as your name or address for you to confirm, you may very well fall for this scam,” said Langley.

Your data is compromised, what now?

According to Brian Pinnock, cybersecurity expert from Mimecast, once your personal information has been compromised there isn’t much you can do, besides act quickly and make sure you don’t fall prey to future attacks.

“The first step would be to change your passwords. Stay away from passwords that incorporate your birth date, ID number or information like your spouse’s name as these are easy to crack,” said Pinnock. 

He advised South Africans to create unique passwords for all online services, not to reuse passwords across different platforms, and where possible use passphrases and 2 factor authentication.

“No email should be considered safe. Hackers can now take this personal information and use it to lure unsuspecting victims into giving them access to their networks,” said Pinnock.

“The hype around this specific data breach will die down in the next few weeks but hackers can store this information and attack when you least expect it. A few months from now, victims might forget to look out for the tell-tale signs of impersonation fraud in an email,” he cautioned.

Recent Articles

Featured Scared to get a personal loan? Find out the facts first

Taking out a personal loan can be daunting. When you borrow a large sum of money, you may fret over whether you’ve done the right thing and whether you’ll manage to pay it off. But sometimes the best way to deal with fears is to face them head-on.

5 Ways to borrow: Choose carefully

There are many ways to obtain credit. It’s up to you to choose which form is suitable for your needs. But before you make that choice, it’s important to weigh the pros and cons of each.

Four steps to rethinking your budget

We all think about budgeting at the end of each month. But before we know it, the new month has started. When last did you actually sit down and consider your spending habits?

Why can fund managers only invest 30% of pension funds offshore?

When you invest in your pension fund or retirement annuity, it will be placed in various asset classes. Of this, you cannot invest more than 30% of your retirement abroad. We find out why.


Clicks Covid antibody test for R199

Price: R199
When: Daily
Where: Nationwide

2 Steaks for the price of 1 at Tiger’s Milk

Price: From R159
When: Thursdays
Where: Cape Town

Da Vinci's Monday Wings Special

Price: R145
When: Mondays
Where: Cape Town

Latest Guide

Guide to debt rehabilitation solutions