'It is no longer a question of "if" your info was leaked'

19 October 2017 - 16:41
By Nico Gous
Image: Kacper Pempel

The largest data in South African history has just got bigger. And your information has most likely been leaked‚ too.

Troy Hunt‚ the Australian web security expert who first alerted South Africans to the leak‚ said the leak contains the information of just more than 60 million South Africans.

Hunt previously tried to import the records‚ but had not yet managed to process all the information. He has since completed importing all the information. 

The leak contains the ID number‚ age‚ location‚ marital status‚ occupation‚ estimated income‚ addresses and cellphone numbers of millions of South Africans‚ both dead and alive.

Hunt has uploaded the e-mail addresses compromised in the data leak to his website HaveIBeenPwnd.com where anyone can enter their e-mail address to see if it has been affected by any worldwide leaks.

This is contrary to advice published earlier‚ urging South Africans not to use websites purporting to be able to confirm whether their information had been leaked.

The Southern African Fraud Prevention Service (SAFPS) had warned that consumers should not attempt to check if their details were contained in the data breach. But SAFPS CEO Manie van Schalkwyk has now said‚ considering the size of the leak‚ the question was no longer if you are affected by the leak‚ suggesting that most people's information had indeed been obtained.

Van Schalkwyk said he trusted Hunt’s website‚ but noted similar websites could be created to entice you to enter personal information under allegedly trying to help you.

“You might provide legitimate information to an illegitimate source."

He advised consumers to rather get their credit report from a credit bureau to check if there were any suspicious transactions.

TimesLIVE has learnt that the dump of personal information - previously estimated at 31.6 million records - includes the income‚ addresses and cellphone numbers of the likes of President Jacob Zuma‚ Finance Minister Malusi Gigaba and Police Minister Fikile Mbalula.

The Hawks and the Department of Home Affairs confirmed on Thursday they would join in the investigation into the leak of the personal information of millions of South Africans.

According to the statement‚ acting Hawks head Lieutenant General Yolisa Matakata instructed its cybercrime unit to lead the investigation.

“The Hawks typically does not comment on ongoing investigations‚ however‚ in light of the intense public interest and the potential impact of this matter‚ the Hawks are collaborating with other law enforcement agencies and stakeholders investigating the data breach‚” she said.

The Department of Home Affairs said government would communicate on the leak via the Hawks.

One of South Africa's top real estate firms admitted to being the unwitting source of the data hacked in the largest-known personal data breach to date in this country.

The information originated from Jigsaw Holdings‚ which includes Aida‚ ERA and Realty-1.

Aida CEO Braam de Jager said on Wednesday he had "absolutely no idea" how the information was published on the firm's server. He had consulted a forensic expert to find out how the information was leaked. “As I am speaking to you now‚ I have called in forensic guys into my office that are busy investigating all of these things right now‚” he said.

De Jager said the information was bought from credit bureau Dracore in 2014 to enable it to trace potential clients who wanted to sell their houses.

Dracore CEO Chantelle Fraser said her company was not responsible for publishing the information and had no knowledge of how other companies used it.

Jabu Mtsweni‚ a cyber security expert at the CSIR‚ said such information could also be sold on the internet to the highest bidder.

"People who want to clone my identity don't need my ID number. This information can be used by criminals to try to authenticate themselves as you over the phone."