Johannesburg - Despite a population of 56 million, South Africa’s largest data breach reached 60 million unique ID numbers on Thursday of citizens alive, deceased and living abroad.
Troy Hunt, founder of the free service called Have I Been Pwned (HIBP) which aggregates data breaches and initially revealed the data breach, said on Thursday that running a second import of the leaked data file showed up more IDs.
“I had to stop the original data import at about 31 million rows. The data was being restored to a MySQL database and there were multiple indexes defined in the script which always slows down insert statements. I dropped those indexes and ran the import again. This time it completed in the space of a few hours,” Hunt said in a blog post.
After completing the import, Hunt said that he had found 60 323 827 rows with unique gov IDs.
“The fact I only originally had only just over half the data loaded helps explain why some records weren't found when I originally queried the restored data but were subsequently found when I searched through the source file,” Hunt said.
“It turns out that the data also contains records where the individual is flagged as ‘deceased’. South Africans living abroad may also account for the high number, the only thing we can confidently conclude is that the data represents a significant portion of the country,” he added.
Fin24 reported this week that the incident may be the biggest ever breach of the Protection of Personal Information Act.
Hunt said the database contained names of people, their gender, ethnicity, home ownership and contact information. The data also contained people’s identity numbers and other information like their estimated income and details of their employer.