A trove of data containing the personal information of more than 60 million South African citizens has been exposed in the biggest data breach to hit South Africa. The breach was discovered by security researcher and creator of Have I Been Pwned, Troy Hunt.
In a blog post, Hunt documents the discovery of the 27GB file and how the breached database contained at least 60 million records – a number higher than the country’s population (an estimated 56 million), meaning that the database contains records on both living and deceased citizens.
The date of the database file indicates that the breach occurred in March 2017; however, the information itself dates back to the early 1990s. It’s quite clear that this breach has put millions of people at risk of identity theft, as the breached information includes citizens’ full names, identity numbers, gender, employment history, income, addresses and property ownership.
Some bloggers have pointed out that the source of this information may be a governmental or commercial entity (such as a bank); however, the database is currently said to be linked to Jigsaw Holdings, a property company.
Jigsaw’s domain is owned by a man called Hano Jacobs, who also owns the domain belonging to GoVault, advertised as “the goldmine of information offers easy access to the contact details of South African consumers and homeowners”. It is also known that GoVault is connected to Dracore Data Sciences, a South African data firm. Dracore Data Sciences’ CEO has since confirmed, in a podcast released on Friday, that her company is not responsible for the leak.
As the investigation continues, this is still a developing story.
Just a few months ago, the personal data of 143 million Americans was exposed following a data breach at Equifax, a credit-reporting agency. Sadly, the words “data breach” have become all too common for so many people around the world.
When it comes to how data is handled today, it’s hard for me not to think of the GDPR (with its deadline looming) and how, even though it applies to organizations in the EU or that deal with EU data, its new rules can shape how data breaches are handled in the future. Just as an example, organizations under the GDPR are required to designate a Data Protection Officer (DPO) to ensure the organization complies with the regulation and to implement the policies and procedures required to manage data outsourcing and processing activities. A DPO alone could perhaps be enough to prevent a situation like what is happening now in South Africa, as even if a data breach still occurred, the breach itself would be detected, handled, and dealt with in a smoother way.
As these larger-scale data breaches are becoming more common, I hope that the example provided by the GDPR will inspire other regions to take action to prevent the exposure of their citizens’ private data.
What are your thoughts on the current breaches? Tweet us or let us know in a comment.