South Africans facing increasing risk of data leaks

Apart from the latest cyber threat against Liberty Life‚ personal information about South Africans has landed up in the wrong hands as a result of several data breaches in the past few months.

ViewFines‚ a website for viewing traffic fines‚ suffered a data breach in May. More than 934,000 records containing 778,000 unique email addresses were exposed‚ including names‚ phone numbers‚ government-issued identity numbers and passwords stored in plain text.

The leak did not affect all licensed drivers but only those who had registered to pay traffic fines online using one or more of the sites that provided the service.

The Information Regulator of South Africa‚ following the breach‚ wrote a letter to ViewFines website owner Aggregated Payment Systems (APS) reminding it of its obligations in terms of the Protection of Personal Information Act.

These included that measures must be put in place to secure the integrity of confidential‚ personal information in its possession.

A larger data breach was uncovered in October 2017 when the private records of about 31.6-million South Africans were available for download. The breach‚ which had remained undetected for months‚ contained among other things their ID number‚ age‚ location‚ marital status‚ occupation‚ estimated income‚ physical address and cellphone number.

This was leaked from the servers of property company Jigsaw Holdings.

Professor Basie von Solms‚ director of the Centre for Cyber Security at the University of Johannesburg‚ said at the time that cyber criminals could use the information to obtain credit. “With enough personal information‚ one can do damage to a person by illegally opening credit accounts or make bookings. It is an extremely big risk. The great risk is to the individual whose data has been breached.”

In April‚ there were reports of a data breach by Facebook where data was potentially shared with the data firm Cambridge Analytica. Among the affected were 59,000 South African users.

The Information Regulator wrote to Facebook Ireland (which provides Facebook services outside of the US and Canada) to enquire about the alleged breach. Facebook Ireland said that the Information Commissioner Office (Ico) of the United Kingdom was investigating whether any of the data had been illegally acquired or used.

The Information Regulator said the Ico advised that most victims affected were in the US and that it had not come across any information relating to South African individuals and businesses.

READ MORE: