IDs security breach claim
Affidavit alleges Home Affairs left population register vulnerable to abuse for four years
SECURITY breaches in the country’s national population register could be fuelling the multimillion-rand identity fraud industry after revelations that citizens’ critical information was left vulnerable to abuse for over four years.
This is according to a financialcrimes investigator following damning affidavits which alleged that the Department of Home Affairs risked the country’s population register by housing it on an open URL from June 2005 to November 2009 due to its “failures” in installing key infrastructure.
The affidavits were deposed by Hannes Smith and Moeketsi Nonyana in a liquidation case involving Double Ring Trading. The company alleges that the department owes it R794 million – which includes interest – in unpaid bills that have accrued since 2009.
Both Smith and Nonyana managed the department’s project to install an information and communications technology (ICT) hub at its premises in Tshwane.
Last month, former home affairs minister Malusi Gigaba was subpoenaed to appear before a courtappointed presiding officer to explain and provide documents as to why the department let a R67m bill from Double Ring Trading balloon to R794m.
The legal wrangle is ongoing despite Gigaba’s resignation.
Double Ring Trading was tasked by Home Affairs from 2005 to, among other things, supply and install the ICT hub.
According to the affidavits, failures to install a fibre-optic link between the department and the State Information Technology Agency (Sita) – which the affidavits said was Home Affairs’ responsibility for the hub to be operational – necessitated the use of signal distributor Sentech’s frequency in order for the department’s mobile units to be operational.
In his affidavit, Smith said Home Affairs “was at all times cognisant of the risk inherent to the population register by placing (it) on an open URL”, as both Smith and Nonyana had “repeatedly” discussed this with the department.
“Despite such acute knowledge of the risk that had been posed to the population register and the need to install the fibre-optic link between (the department) and Sita to remove such risk, (the department) took no such steps and simply allowed the population register to continue to be hosted on an open URL for the period between June 2005 to November 30, 2009,” Smith stated under oath.
However, Home Affairs spokesperson Thabo Mokgola said: “At no point was the country’s national population register at risk.”
Mokgola maintained that the register was currently safe as it was “in a highly secured vault managed by Sita and the State Security Agency”.
Mokgola said the public were never informed about the alleged risk to their key information because “at no point was the population register vulnerable”.
But Chad Thomas, a financial-crimes investigator, said identity theft was a multimillion-rand problem in the country, where information gleaned from Home Affairs was used by syndicates to create new, or use existing, identities to open companies or bank accounts.
“The professionalism of the identity theft and the fact that identities used can be traced back to the Home Affairs database suggest that syndicates are working with members from within or that they have accessed confidential information on the network, or both. Either way, it’s a serious breach of security which is costing the economy millions of rand due to fraud. The apparent lack of security of confidential citizen information is a serious issue and should be referred to the Crimes Against the State component of the Hawks,” Thomas said.