South Africa: Massive Data Leak Could Be From a Credit Bureau
20 October 2017
The sensitive private information of 30 million South Africans, contained in a massive data breach, appears to have been hacked from a credit bureau. This is according to Australian Microsoft regional director, Troy Hunt, who exposed the leak on Twitter on Tuesday.
Hunt is also a security researcher and creator of the website HaveIbeenpwned.com. The website allows people to check if their personal information has been compromised.
Earlier this year the site exposed the hacking of Ster-Kinekor's website, which put more than six million accounts at risk, Business Day reported.
Hunt said on Twitter on Wednesday that the data breach "is one of the worst I've ever seen on many levels". He said the file date on the data was April 2015 and that it was unclear if it had been exposed since then.
Hunt said the database contained names of people, their gender, ethnicity, home ownership and contact information. The data also contained people's identity numbers and other information, such as their estimated income, directorships and employer information.
He said on Tuesday that the information appeared to be from a government agency. The title "masterdeeds" led him to initially suspect that it had come from the Deeds Office.
However, that theory has since changed and it is believed that it came from a local credit bureau which collects personal information.
The Department of Rural Development and Land Reform said they have noted the claims of hacking and the alleged accessing of Deeds Registry information. They said they were looking into the matter.
Online publication iAfrikan said the data was still available publicly on the internet for anyone to download and that the information related to South Africans, both dead and alive.