South Africans shouldn’t take the latest data breach lightly — and consumes should be wary of using sites that let them check if they have been compromised.
This is the word from Manie van Schalkwyk of the Southern African Fraud Prevention Service, responding to what has been billed as the biggest data breach ever in South Africa.
He adds that consumers who are the victims of the breach, which has exposed more than 30-million identity numbers and other personal and related information on the Internet, according to a data researcher.
Among the sensitive data, amounting to about 27Gb, are identity numbers, personal income, age, employment history, company directorships, race group, marital status, occupation, employer and previous addresses.
Van Schalkwyk says this exposure is dangerous in that it presents an opportunity for fraudsters to open accounts and transact as one of the named parties in the leaked profiles, with enough information available to verify the transaction.
He adds that this could be both a breach and a hack, where a hacker was potentially looking for an opportunity.
“A hacker could have various motives,” he says. “They could sell the information, be seeking revenge on an organisation or looking to create harm. These all have repercussions.”
Van Schalkwyk is certain that every South African is on the leaked database, and says everyone should assume that this is the case.
” I warn consumers against attempting to verify if they are on the database or dealing with anybody offering services like that,” he adds. “You could be leading yourself into further jeopardy by providing somebody else with data, with the understanding that you will verify if you are on the leaked dataset.
“You might provide legitimate information to an illegitimate source.”
He suggest rather asking for a credit report from a credit bureau and checking if there are any suspicious transactions.
If something is suspicious, Van Schalkwyk advises people to apply for Protective Registration on the SAFPS website, which provides consumers with added security and will alert the credit provider or the bank that the specific ID number has been compromised. The service is free of charge to consumers.
In the normal course of events, should consumers lose their ID or passport or feel that their identity is compromised in any way, they can go to, click on lost passport/ID to apply for temporary Protective Registration that will be issued online.
“Although this event is tragic, I am convinced that all database managers will revisit their security protocols, which in itself is a positive spin off of this event.”