Guiding consumers since 2009

Data breach affects millions of South Africans

By Isabelle Coetzee

Last week it was established that the personal information of over 30 million South Africans had been publically available for at least seven months.

Troy Hunt, who’s an Australian regional director for Microsoft, received a file from an anonymous source in March this year containing this data.

Hunt specialises in security training for online systems and, in his spare time, he runs a free online service called Have I been Pwned (HIBP). This site offers users an opportunity to find out whether their personal data has been breached or not.

In line with this, Hunt receives hundreds of files, often from anonymous sources, which he deciphers in his free time. 

This particular file, titled Master Deeds, was only examined by Hunt last week and, after some digging, he established that it contained the personal information of the majority of South Africans, including ID numbers and contact details.

In collaboration with Tefo Mohapi, founder and CEO of iAfrikan, the source of the data was attributed to a data science company Dracore, and the leak may have come from one of their clients, Jigsaw Holdings.

Mohapi ensured that the file was removed from the public site last Wednesday, but it’s impossible to say how many people already accessed the Master Deeds file before then.

What is identity theft?

According to Claude Langley, business development manager in Africa for HID Global, identity theft is one of the fastest growing crimes in Africa.

“Identity theft is the deliberate use of someone else's identity, usually as a method to gain a financial advantage or obtain credit and other benefits,” he explained. 

If someone can access your personal information, then they have the necessary tools to steal your identity.

“Identity theft is a concept that most South Africans are aware of but unfortunately unless they are directly affected by it, it seems they are not taking it seriously enough,” said Langley. 

“Once you realise that your identity has been compromised and someone has taken out a cell phone contract or bank loan in your name, it may take months to rectify,” he added.

Langley pointed out that mail theft is one of the easiest methods criminals use to steal your identity.

“Syndicates will actually pay in order to sift through your rubbish and fish out personal information. Their return on investment can be substantial if they are able to successfully replicate a person’s identity,” he said. 

In additional to this, identity thieves may obtain your phone number and thereby make unsolicited calls to you – claiming to be from your bank, SARS, etc.

“If they have some personal information about you such as your name or address for you to confirm, you may very well fall for this scam,” said Langley.

Your data is compromised, what now?

According to Brian Pinnock, cybersecurity expert from Mimecast, once your personal information has been compromised there isn’t much you can do, besides act quickly and make sure you don’t fall prey to future attacks.

“The first step would be to change your passwords. Stay away from passwords that incorporate your birth date, ID number or information like your spouse’s name as these are easy to crack,” said Pinnock. 

He advised South Africans to create unique passwords for all online services, not to reuse passwords across different platforms, and where possible use passphrases and 2 factor authentication.

“No email should be considered safe. Hackers can now take this personal information and use it to lure unsuspecting victims into giving them access to their networks,” said Pinnock.

“The hype around this specific data breach will die down in the next few weeks but hackers can store this information and attack when you least expect it. A few months from now, victims might forget to look out for the tell-tale signs of impersonation fraud in an email,” he cautioned.

Recent Articles

Featured Are you entitled to your spouse’s pension after divorce?

Divorce means more than just parting ways with your partner. It may also involve parting ways with your assets. The Divorce Act states that your retirement fund forms part of your assets. This means that it will be considered when dividing up your assets.

Retrenched – what payments are you entitled to?

In the current struggling economic climate, retrenchments are a regular occurrence and not everyone survives the cut. If you find yourself on the receiving end of retrenchment you may have questions about the payments that are due to you.

Do you want to settle your debt?

You may be considering settling your credit account, whether it’s a credit card or various store accounts, now may be as good a time as any. This especially if you have saved, or you received a tax return or salary bonus. 

Can you afford a personal loan?

Taking out new debt is not always a choice. However, if you’re not pressed by a medical emergency or an unforeseen disaster, it’s worthwhile considering whether you can actually afford it. But what does it mean to “be able to afford a personal loan”? What percentage of your income should you not exceed dedicating to it? 


Pick n Pay Black November Launch Deals

Price: Available on request
When: Until 05 November 2019
Where: Online

Bakwena Spa Black Friday Special

Price: From R1,100
When: From 29 November - 06 December 2019
Where: Cape Town, Centurion, Hartebeespoort

Premier Hotels and Resorts Black Friday Deal

Price: Available on request
When: 29 November -02 December
Where: Nationwide