Private records of 31.6m South Africans removed from the internet

18 October 2017 - 10:49 By Nico Gous
subscribe Just R20 for the first month. Support independent journalism by subscribing to our digital news package.
Subscribe now
A large data breach has revealed private records of about 31.6-million South Africans. File photo.
A large data breach has revealed private records of about 31.6-million South Africans. File photo.
Image: iStock

Troy Hunt‚ an Australian web security expert‚ first tweeted about the security breach on Tuesday after the records of about 31.6 million South Africans became publicly available for download.

Hunt said this was not the largest data breach he had ever seen‚ but it was concerning because it listed “almost every living person” in South Africa.

“Every person that I have checked that sent me their ID number‚ I have found a record for. That is very concerning‚” he said.

The breach contains‚ among other things‚ ID numbers‚ ages‚ locations‚ marital status‚ occupations‚ estimated income‚ physical addresses and cellphone numbers.

It remains unclear what the source of the information was.

Professor Basie von Solms‚ director of the Centre for Cyber Security at the University of Johannesburg‚ said cyber criminals could use information like this to obtain credit.

“With enough personal information‚ one can do damage to a person by illegally opening credit accounts or make bookings. It is an extremely big risk. The great risk is to the individual whose data has been breached.”

Von Solms noted South Africans are not out of the woods yet‚ because Hunt and others could have made back-ups of the information.

Hunt received the information earlier this year‚ but he only got around to checking it earlier this week. He often receives information from various sources as he is the creator of HaveIBeenPwnd.com‚ a website where you can check if your information has been compromised in any data breaches against about 4.8 billion records.

“There’s a lot of people that support the project and when they see data has been hacked out of a company or leaked somewhere. They send it to me so that I can load it in there so that I can load and notify people that are in there. Fortunately these are people that often have a very ethical intent.” 

- Additional reporting by Ernest Mabuza

subscribe Just R20 for the first month. Support independent journalism by subscribing to our digital news package.
Subscribe now