Have you been hacked?
KIMBERLEY residents are encouraged to take every precaution to protect their personal information following what is considered to be the largest cybersecurity breach ever to hit South Africa.
Earlier this week, a file dated April 2015, with more than 30 million records and 2.2 million e-mail addresses, was found on a publicly accessible web server by Australian online security expert and Microsoft regional director, Troy Hunt.
News of the breach quickly spread panic across the country with the leak leaving at least half the country’s population vulnerable to both cyberattacks and identity theft.
It was confirmed yesterday that the personal data, which includes names, physical addresses, employment history, home ownership status and ID numbers, was sourced without authorisation from Jigsaw Holdings, a corporate investment, management and skills development holdings company that represents many of the country’s prominent real estate companies including Aida, ERA and Realty-1.
According to Verlie Oosthuizen, a partner and head of social media at Shepstone & Wylie Attorneys, this information could be used for “phishing” scams. “They extract further information out of you with the possibility of, for example, cracking passwords and codes to defraud bank accounts or other criminal activities,” Oosthuizen explained.
It is believed that the breach was uncovered when a 27GB back-up file was sent to www. haveibeenpwned.com, a data breach service created by Hunt.
Subsequent to the discovery, an edited database, containing all the affected e-mail addresses, was made available on the website in order for members of the public to verify whether their information was revealed during the attack.
Sabata Mereeotlhe, the managing director of locally-based internet and telecommunication service provider, Joxicraft, said that apart from verifying whether their data had been compromised, there was precious little that could be done to retrieve and secure the leaked information.
“Homeowners, in particular, have cause for concern because the data involved pertains specifically to the property market,” he said yesterday. “At this stage, there really isn’t much that people can do other than to visit the website and see if their details are included in the scaled-down dataset.
“However, even if you are not listed, it doesn’t mean that your data has not been compromised.
“What I would suggest to those who are concerned about identity theft is to follow the same steps as you would should you lose your ID book or passport. Go to the police and make a sworn affidavit, stating that your personal information has been leaked so that if a fraudulent transaction is made using your identity, you do have some evidence that it was not you.
“Unfortunately, unless you have very deep pockets to sue the company that did not secure your personal information, there is very little you can do.”