Massive data leak could be from a credit bureau
JOHANNESBURG — The sensitive private information of 30 million South Africans, contained in a massive data breach, appears to have been hacked from a credit bureau.
This is according to Australian Microsoft regional director, Tory Hunt, who exposed the leak on Twitter on Tuesday.
Hunt is also a security researcher and creator of the website HaveIbeenpwned.com. The website allows people to check if their personal information has been compromised. Earlier this year the site exposed the hacking of Ster-Kinekor’s website, which put more than six million accounts at risk, Business Day reported.
Hunt said on Twitter on Wednesday that the data breach “is one of the worst I’ve ever seen on many levels”. He said the file date on the data was April 2015 and that it was unclear if it had been exposed since then.
Hunt said the database contained names of people, their gender, ethnicity, home ownership and contact information. The data also contained people’s identity numbers and other information, such as their estimated income, directorships and employer information.
He said on Tuesday that the information appeared to be from a government agency. The title “masterdeeds” led him to initially suspect that it had come from the Deeds Office.
However, that theory has since changed and it is believed that it came from a local credit bureau which collects personal information.
The Department of Rural Development and Land Reform said they have noted the claims of hacking and the alleged accessing of Deeds Registry information. They said they were looking into the matter.
Online publication iAfrikan said the data was still available publicly on the internet for anyone to download and that the information related to South Africans, both dead and alive.
The publication named a credit bureau, which has a database of information and consumer contact details, that they believed was involved.
iAfrikan also quoted Hunt saying that the data company had “f***ed up” on a large scale.
“They’ve collected an enormous volume of data and I’m not sure if the owners of that data ever gave their consent… They then published that data to a web server with absolutely zero protection,” Hunt said. He said there would be huge fallout from the breach. Some publications named data company Dracore Data Sciences and Govault as the source of the leak.
But the company told News24 that they were not responsible in any way. — AFP