Share

Massive data leak could be from a credit bureau

accreditation
(iStock)
(iStock)

Johannesburg - The sensitive private information of 30 million South Africans, contained in a massive data breach, appears to have been hacked from a credit bureau. 

This is according to Australian Microsoft regional director, Tory Hunt, who exposed the leak on Twitter on Tuesday.

Hunt is also a security researcher and creator of the website HaveIbeenpwned.com. The website allows people to check if their personal information has been compromised. 

Earlier this year the site exposed the hacking of Ster-Kinekor's website, which put more than six million accounts at risk, Business Day reported. 

Hunt said on Twitter on Wednesday that the data breach "is one of the worst I've ever seen on many levels". He said the file date on the data was April 2015 and that it was unclear if it had been exposed since then. 

Hunt said the database contained names of people, their gender, ethnicity, home ownership and contact information. The data also contained people's identity numbers and other information, such as their estimated income, directorships and employer information. 

He said on Tuesday that the information appeared to be from a government agency. The title "masterdeeds" led him to initially suspect that it had come from the Deeds Office.

However, that theory has since changed and it is believed that it came from a local credit bureau which collects personal information. 

Investigation

The Department of Rural Development and Land Reform said they have noted the claims of hacking and the alleged accessing of Deeds Registry information. They said they were looking into the matter.

Online publication iAfrikan said the data was still available publicly on the internet for anyone to download and that the information related to South Africans, both dead and alive.

The publication named a credit bureau, which has a database of information and consumer contact details, that they believed was involved.

iAfrikan also quoted Hunt saying that the data company had "f***ed up" on a large scale. 

"They've collected an enormous volume of data and I'm not sure if the owners of that data ever gave their consent… They then published that data to a web server with absolutely zero protection," Hunt said. 

He said there would be huge fallout from the breach.

Some publications named data company Dracore Data Sciences and Govault as the source of the leak.

But the company told News24 that they were not responsible in any way.

The law firm K Jordaan and Associates Inc sent a letter, on behalf of Dracore Data Sciences, demanding a retraction.The letter said that headers and a paste bin link sent to them from the data leak did not refer to Govault.

It added that an IP address provided was for a South African real estate business. 

An analyst also told Business Day the information appeared to be from a credit bureau "because one of the fields was titled CPC (Credit Participation Certificate)". They said the data appeared to be accurate and was from about five years ago.  

Toby Shapshak from StuffSA said on Talk Radio 702's The Money Show on Tuesday night that the data had very personal, sensitive information and, even though it was from a few years ago, information such as ID numbers and employment history did not change. 

He described it as terrifying and South Africans should panic because anyone intent on stealing identities can easily access, buy and use the data.


SUBSCRIBE FOR FREE UPDATE: Get Fin24's top morning business news and opinions in your inbox.

Read Fin24's top stories trending on Twitter:

We live in a world where facts and fiction get blurred
Who we choose to trust can have a profound impact on our lives. Join thousands of devoted South Africans who look to News24 to bring them news they can trust every day. As we celebrate 25 years, become a News24 subscriber as we strive to keep you informed, inspired and empowered.
Join News24 today
heading
description
username
Show Comments ()
Rand - Dollar
18.94
-0.9%
Rand - Pound
24.10
-0.9%
Rand - Euro
20.59
-0.7%
Rand - Aus dollar
12.42
-0.9%
Rand - Yen
0.13
-0.8%
Platinum
915.75
-0.8%
Palladium
1,028.36
-3.5%
Gold
2,159.96
+0.2%
Silver
25.03
-0.6%
Brent Crude
85.34
-0.1%
Top 40
66,252
0.0%
All Share
72,431
0.0%
Resource 10
53,317
0.0%
Industrial 25
100,473
0.0%
Financial 15
16,622
0.0%
All JSE data delayed by at least 15 minutes Iress logo
Company Snapshot
Editorial feedback and complaints

Contact the public editor with feedback for our journalists, complaints, queries or suggestions about articles on News24.

LEARN MORE
Government tenders

Find public sector tender opportunities in South Africa here.

Government tenders
This portal provides access to information on all tenders made by all public sector organisations in all spheres of government.
Browse tenders