Five massive data breaches affecting South Africans

Following the Liberty Holding’s data breach, the Information Regulator is concerned about the increasing number of cyber attacks affecting personal data in South Africa.

“Without a fully functional Information Regulator, these breaches will continue to occur without sanctions provided for in the Protection of Personal Information Act (POPIA),” said chairperson Advocate Pansy Tlakula.

Tlakula urged “the powers that be to assist it in fast tracking its operationalisation”.

According to corporate law firm Michalsons, certain limited sections of POPIA have already been implemented. However, the bulk of the legislation will only commence at a later date, to be proclaimed by the president. As there is a one-year grace period, the POPIA deadline might only be set for the end of 2019 or in 2020.

In the meantime, South Africans are coming under heightened attack from cyber criminals and hackers.


Andrew Chester, MD of Ukuvuma Security, told Fin24 that affected clients or users should immediately alert their banks and cellphone provider. They should also undertake a credit check as well as a Google search to determine whether their personal information is in the public domain.

Liberty email hack

In SMSs to clients on Saturday, financial services company Liberty informed them that its email repository had been breached by a third party trying to demand a “ransom” in exchange for the data.

Liberty has not revealed much about the breach, citing a police investigation. CEO David Munro confirmed that Liberty’s insurance clients were the only ones affected, and that none of its other business had been compromised.

READ MORE: ‘Liberty breach should never have happened’ — cybersecurity expert

The company said none of its clients have been impacted financially, and that individuals will be personally advised if their information has been affected.

ViewFines licence details

In May the Hawks, the State Security Agency and the Information Regulator said they would probe the breach of personal records of 943 000 South African drivers, allegedly from online traffic fine website ViewFines.

The information reportedly contained the names, identity numbers and email addresses of South African drivers stored on the ViewFines website in plaintext.

The ViewFines website is owned by Aggregated Payment Systems. News24 reported that its operations manager confirmed the company was “implementing security measures immediately” to improve the website after being informed of the breach.

The source of the data was located by Troy Hunt, an Australian security researcher and creator of the free service Have I Been Pwned, which checks whether an individual’s information has been compromised.

Facebook scandal

While Facebook founder and CEO Mark Zuckerberg had to face angry lawmakers in the US and European Union, it was reported that the data breach involving the UK political consultancy affected almost 60 000 South African users.

READ MORE: One Facebook app, a data leak of 60 000 users

In May, the Information Commissioner’s Office of the United Kingdom (which regulates Facebook outside the US and Canada) advised the Information Regulator of South Africa that over 87 million people had been affected worldwide.

However, no evidence could be found of South Africans having been targeted, as the majority of users involved were in the US.

Master Deed’s data breach “biggest” digital security threat in SA

Hunt was once again instrumental in revealing what was known as the “biggest” data breach in South African history, together with iAfrikan CEO Tefo Mohapi in October 2017.

Over 60 million South Africans’ personal data, from ID numbers to company directorships, was believed to have been affected.

The information was traced to Jigsaw Holdings, a holding company for several real estate firms including Realty1, ERA and Aida. The information reportedly came from credit bureau agencies, and was used to vet potential clients.

The information trove was found not to have been hacked, as it was stored in an easily accessible manner on an open web server.

Ster-Kinekor’s database compromised

Movie theatre chain Ster-Kinekor was responsible for up to 7 million South Africans falling victim to a data leak in March 2017.

Fin24 reported that Durban developer Matt Cavanagh announced he had discovered a flaw in Ster-Kinekor’s booking website, and that he had reported it to the company.

There were between 6 and 7 million users in the database. Of those, 1.6 million people had email addresses linked to them on the movie theatre chain’s database. — Fin 24

Subscribe to the M&G

These are unprecedented times, and the role of media to tell and record the story of South Africa as it develops is more important than ever.

The Mail & Guardian is a proud news publisher with roots stretching back 35 years, and we’ve survived right from day one thanks to the support of readers who value fiercely independent journalism that is beholden to no-one. To help us continue for another 35 future years with the same proud values, please consider taking out a subscription.

Tehillah Niselow
Tehillah Nieselow
Tehillah Nieselow is a Journalist at Power FM. She Covers labour issues, strikes, protests and general stories

Related stories

Is WhatsApp shaping democracy in Africa?

A study shows that the social messaging platform is both emancipatory and destructive, particularly during election campaigns

Smokers’ fight to light up moves online

‘Sweeties’ (cigarettes) for R150, and marching on Parliament — an insight into the social-media groups popping up to push back against lockdown regulations

Inside Facebook’s big bet on Africa

New undersea cables will massively increase bandwidth to the continent

The writing was on the wall for SA newspapers long before Covid-19

Publications have cut salaries and frozen posts in a bid to survive the disease, but most owners failed to take appropriate steps when problems emerged in the late 1990s

Australia to force Google, Facebook to pay for news content

Australia's new regulations will also cover the sharing of data, and the ranking and display of news content, to be enforced by binding dispute resolution mechanisms and penalties

‘No-vax’ Djokovic against compulsory coronavirus vaccination

The Serbian tennis ace, who is in lockdown in Spain, spoke out against being forced to receive a vaccination in order to travel to tournaments
Advertising

Vaccine trial results due in December

If successful, it will then have to be manufactured and distributed

White men still rule and earn more

Women and black people occupy only a few seats at the JSE table, the latest PwC report has found

The PPE scandal that the Treasury hasn’t touched

Many government officials have been talking tough about dealing with rampant corruption in PPE procurement but the majority won't even release names of who has benefited from the R10-billion spend

ANC still at odds over how to tackle leaders facing...

The ANC’s top six has been mandated to work closely with its integrity committee to tackle claims of corruption against senior party members
Advertising

press releases

Loading latest Press Releases…

The best local and international journalism

handpicked and in your inbox every weekday