The latest traffic fine leak leaves a million of us exposed
Nearly a million South Africans vulnerable to fraud, identity theft and a host of other nasty surprises
A data leak that revealed the personal records of nearly a million South Africans who registered to pay fines online exposes them to fraud, identity theft and a host of other nasty surprises.
The leak was confirmed by Australian cyber security researcher Troy Hunt along with Tefo Mohapi from iAfrikan and contains 934,000 records containing identity numbers‚ e-mail addresses‚ full names, cellphone numbers, number of outstanding fines and passwords.
It was traced back to an online traffic fine payments website for motorists in South Africa.Jabu Mtsweni, a cyber security expert from the Council for Scientific and Industrial Research (CSIR), said data breaches posed a huge threat to the public.
“This information exposes individuals to be targets of cyber crime and other scams, such as phishing e-mails. So with such breaches, the problem becomes even bigger. People’s sensitive information is now available on dark markets and criminals can use this information to even sell on to other criminal syndicates,” he said.
TimesLIVE reported in late 2017 how millions of South Africans were compromised in a “data dump” that revealed their identity numbers‚ ages‚ locations‚ marital statuses‚ occupations‚ estimated incomes‚ addresses and cellphone numbers. It included personal information about prominent people including Jacob Zuma‚ Malusi Gigaba and Fikile Mbalula.“Leakages of personal information put at risk other sensitive systems that we use (such as online banking and shopping). People tend to use the same usernames and passwords through various websites and one leakage might lead to our bank accounts being compromised or our identities being stolen,” said Mtsweni.
“It’s like using your ID. People could then clone one’s identity. Criminals may sell the data to phishing websites and even marketers … and even know our personal addresses. This is really problematic,” he added.
He urged people who could be affected by the leak to urgently change their usernames and passwords. Also, they should keep a close eye on the online accounts for any suspicious activity.Wolfpack Information Risk, a specialist cyber security company, offers a “survival guide” for anyone who has been exposed to a potential data leak.
It urges victims to “report the matter to your nearest police station. Ensure you keep a copy of the report and case number. This will be useful evidence required by credit providers, banks or prospective employers.”
Professor Basie von Solms‚ director of the Centre for Cyber Security at the University of Johannesburg, said the individuals responsible for data leaks should be prosecuted because they were entrusted with sensitive information.
“The impact of such leaks is extraordinary. Your identity is being stolen, accounts are being opened on your behalf. Credit is being taken out on your behalf and at the end of the day you sit with the consequences of this,” he said.
“This is very serious. When we look at last year’s massive leak to date we have heard nothing. Who did it? Was someone taken task about it? How far along is the investigation? It is as if these leaks can happen and no one is held responsible for it.”
Von Solms warned that online privacy was a myth. “We must accept that the more we use the cyberspace the less privacy we have.”
• If you want to check if your personal details have been leaked, go to https://haveibeenpwned.com/