Guiding consumers since 2009

Data breach affects millions of South Africans

By Isabelle Coetzee

Last week it was established that the personal information of over 30 million South Africans had been publically available for at least seven months.

Troy Hunt, who’s an Australian regional director for Microsoft, received a file from an anonymous source in March this year containing this data.

Hunt specialises in security training for online systems and, in his spare time, he runs a free online service called Have I been Pwned (HIBP). This site offers users an opportunity to find out whether their personal data has been breached or not.

In line with this, Hunt receives hundreds of files, often from anonymous sources, which he deciphers in his free time. 

This particular file, titled Master Deeds, was only examined by Hunt last week and, after some digging, he established that it contained the personal information of the majority of South Africans, including ID numbers and contact details.

In collaboration with Tefo Mohapi, founder and CEO of iAfrikan, the source of the data was attributed to a data science company Dracore, and the leak may have come from one of their clients, Jigsaw Holdings.

Mohapi ensured that the file was removed from the public site last Wednesday, but it’s impossible to say how many people already accessed the Master Deeds file before then.

What is identity theft?

According to Claude Langley, business development manager in Africa for HID Global, identity theft is one of the fastest growing crimes in Africa.

“Identity theft is the deliberate use of someone else's identity, usually as a method to gain a financial advantage or obtain credit and other benefits,” he explained. 

If someone can access your personal information, then they have the necessary tools to steal your identity.

“Identity theft is a concept that most South Africans are aware of but unfortunately unless they are directly affected by it, it seems they are not taking it seriously enough,” said Langley. 

“Once you realise that your identity has been compromised and someone has taken out a cell phone contract or bank loan in your name, it may take months to rectify,” he added.

Langley pointed out that mail theft is one of the easiest methods criminals use to steal your identity.

“Syndicates will actually pay in order to sift through your rubbish and fish out personal information. Their return on investment can be substantial if they are able to successfully replicate a person’s identity,” he said. 

In additional to this, identity thieves may obtain your phone number and thereby make unsolicited calls to you – claiming to be from your bank, SARS, etc.

“If they have some personal information about you such as your name or address for you to confirm, you may very well fall for this scam,” said Langley.

Your data is compromised, what now?

According to Brian Pinnock, cybersecurity expert from Mimecast, once your personal information has been compromised there isn’t much you can do, besides act quickly and make sure you don’t fall prey to future attacks.

“The first step would be to change your passwords. Stay away from passwords that incorporate your birth date, ID number or information like your spouse’s name as these are easy to crack,” said Pinnock. 

He advised South Africans to create unique passwords for all online services, not to reuse passwords across different platforms, and where possible use passphrases and 2 factor authentication.

“No email should be considered safe. Hackers can now take this personal information and use it to lure unsuspecting victims into giving them access to their networks,” said Pinnock.

“The hype around this specific data breach will die down in the next few weeks but hackers can store this information and attack when you least expect it. A few months from now, victims might forget to look out for the tell-tale signs of impersonation fraud in an email,” he cautioned.

Recent Articles

Featured It’s possible to change your marriage regime

Many people wed before they sign an antenuptial contract (ANC). This is especially practiced by people in customary marriages and those not clued up about the ANC. The law says if there’s no ANC before the wedding takes place, the marriage will automatically be in Community of Property. 

Keep this in mind when taking out new financial products

Adding a product to your personal finance portfolio, such as insurance or an investment, is a big decision. We found out what you should keep in mind before taking out a new product, how you can assess the products you already have, and how you can generally improve your financial position.

Are you in debt denial?

With debt levels increasing at 13% more than income levels, South Africans are more debt-stressed now than arguably ever before. This is iterated by the National Credit Regulator’s (NCR) report that nearly half of credit-active consumers in South Africa have damaged credit records. However, only a few seek the necessary help.

Why should you invest in a mutual bank?

Often when people think about banking, they always think about commercial banks. Mutual banks hardly come to mind, but these banks offer investment opportunities that are often overlooked.



Aurora Spa 100-minute Treatment Special

Price: R449
When: Until 31 March
Where: Century City

Woodstock Grill and Tap Steak Thursdays

Price: R100
When: Thursdays
Where: Woodstock

KFC 5+5 Special

Price: R65
When: Until 25 February 2020
Where: Nationwide