DON'T check your details on data leak files
The Southern African Fraud Prevention Service warned on Thursday that consumers should not attempt to check if their details are contained in the data breach‚ which has exposed about 30-million identity numbers and other personal and related information on the internet.
Among the sensitive data amounting to about 27 gigabytes‚ information includes identity numbers‚ personal income‚ age‚ employment history‚ company directorships‚ race group‚ marital status‚ occupation‚ employer and previous addresses‚ according to a data researcher.
Manie van Schalkwyk of the SAFPS said the exposure is dangerous in that it presents an opportunity for fraudsters to open accounts and transact as one of the named parties in the leaked profiles‚ with enough information to verify that transaction as being conducted by themselves.
He adds that this could be both a breach and a hack where a hacker was potentially looking for an opportunity.
“A hacker could have various motives‚” he says. “They could sell the information‚ be seeking revenge on an organisation or looking to create harm. These all have repercussions.”
Van Schalkwyk is certain that every South African is on this database and should assume that this is the case.
“I warn consumers against attempting to verify if they are on the database or anybody offering services like that.
“You could be leading yourself into further jeopardy by providing somebody else with data with the understanding that you will verify if you are on the leaked dataset. You might provide legitimate information to an illegitimate source."
He advised consumers to rather get their credit report from a credit bureau to check if there are any suspicious transactions. "Once you realise that something is suspicious‚ then it is advisable to apply for Protective Registration. This will provide the consumer with added security and will alert the credit provider or the bank that the specific ID number has been compromised."
The protective registration can be found on the SAFPS website. This service is free of charge.
He added: “Although this event is tragic‚ I am convinced that all database managers will revisit their security protocols‚ which in itself is a positive spin off of this event.”