Zuma among millions open to ID theft after hack
Top real estate company is source of SA’s biggest data breach
One of South Africa's top real estate firms has admitted to being the unwitting source of the data hacked in the largest known personal data breach to date in this country.
The Times has learnt that the dump of personal information - estimated at 31.6million records - includes the income, addresses and cellphone numbers of the likes of President Jacob Zuma, Finance Minister Malusi Gigaba and Police Minister Fikile Mbalula.
The information originated from Jigsaw Holdings, which includes Aida, ERA and Realty-1.
Aida CEO Braam de Jager said he had "absolutely no idea" how the information was published on the firm's server. It was removed on Wednesday.
"I have called in forensic guys that are busy investigating now," he said.
De Jager said the information was bought from credit bureau Dracore in 2014. It contains the ID number, age, location, marital status, occupation, estimated income, addresses and cellphone numbers of millions of South Africans.
De Jager said the firm bought the information to enable it to trace potential clients.
"If we arrive at a house and a tenant tells us that he knows the owner wants to sell the house, we ask who the owner is. They often do not know.
"We then extract that specific property's information based on the address to get the owner's information," De Jager said.
Dracore CEO Chantelle Fraser said her company was not responsible for publishing the information and had no knowledge of how other companies used it.
Jabu Mtsweni, a cyber security expert at the CSIR, said such information could also be sold on the internet to the highest bidder.
"People who want to clone my identity don't need my ID number. This information can be used by criminals to try to authenticate themselves as you over the phone."
Basie von Solms, director of the Centre for Cyber Security at the University of Johannesburg, said cyber criminals could use the information to obtain credit.
"With enough personal information, one can do damage by illegally opening credit accounts or making bookings.
"The greatest risk is to the individual whose data have been breached."
- Additional reporting by Ernest Mabuza