South Africa, following a massive breach in October 2017, suffered another attack, with the personal records of 934,000 South Africans being leaked.
According to news from The Next Web, the data that was leaked includes national identity numbers, email addresses, full names and text passwords for traffic fines. Working with Australian security consultant Troy Hunt and the team at iAfrikan, TheNextWeb established that the data was posted publicly by a company responsible for traffic fines for South Africa’s online payments. South Africa lets several companies facilitate payments for traffic fines over the internet, and the leaked database doesn’t represent all of the drivers that are licensed in South Africa — given that at the end of the March of 2017, there were more than 12 million, and the database only had information on 934,000 South Africans.
In what was potentially South Africa’s largest data breach, hackers in October 2017 got away with extensive personal information, including ID numbers, income, marital status, employment and property ownership information. According to a news report in The Next Web at the time, after the team at iAfrikan — along with security consultant Troy Hunt — spotted the South African breach, they discovered that personal information was stolen from both living and deceased people. The personal records dated back to the late 1990s or even older. The breach may have impacted 30 million unique records, but that number could increase. After some sleuthing, the team found that the company in possession of the breached data was Dracore Data Sciences, which names TransUnion as a client. The company also had real estate businesses as clients.
“They’ve [Dracore] collected an enormous volume of data, and I’m not sure the owners of that data ever gave their consent,” said Hunt. “That may still be legal, but the backlash will be severe. They then published that data to a web server with absolutely zero protection, and, of course, unauthorized parties found it. You yourself [iAfrikan] found it very quickly just by searching for it. There is now going to be a very serious spotlight shone on them for the sheer incompetence of their actions, and they’re in no position [to] threaten those who’ve reported this to them responsibly.”