In what may be South Africa’s largest data breach, hackers may have gotten away with extensive personal information, including ID numbers, income, marital status, employment details and property ownership information.
According to a news report in The Next Web, after the team at iAfrikan – along with security consultant Troy Hunt – spotted the largest data breach thought to have transpired in South Africa, it discovered that personal information was breached for both living and deceased people. The personal records dated back to the late 1990s or even older. The breach may have impacted 30 million unique records, but that number could increase even more.
The report claims that after doing some sleuth work, it found that the company with all the data that was breached in the cyberattack is Dracore Data Sciences, which names TransUnion as a client. The company also has real estate businesses as clients, noted the report.
“They’ve [Dracore] collected an enormous volume of data, and I’m not sure the owners of that data ever gave their consent,” said Hunt. “That may still be legal, but the backlash will be severe. They then published that data to a web server with absolutely zero protection and, of course, unauthorized parties found it. You yourself [iAfrikan] found it very quickly just by searching for it. There is now going to be a very serious spotlight shone on them for the sheer incompetence of their actions, and they’re in no position [to] threaten those who’ve reported this to them responsibly.”
In response to the report naming Dracore Data Sciences as the business at which the data was compromised in the cybercrime, the company said it is not the source of the information, and that the writers of the report published the story anyway.