South African Data Breach Compromises 30 Million Personal Records

Creator and founder of HaveIBeenPwned.com, Troy Hunt, discovered yet another data dump last year. This one reportedly contained personal data belonging to millions in this staggering South African data breach.

At the time of discovery, the information was available from an online public database back-up file and even came with a smaller compressed version. Anyone on the site could download the information.

The South African data breach dump reportedly included:

Names
Citizenships
Genders
Ages
Property ownership information (deeds, locations, sale prices)
Marital statuses
Deceased statuses
Addresses
Employment histories
Incomes
Company directorships
Unique South African ID numbers
Email addresses

As far as Hunt is aware, the huge clump of information has not yet been put up for sale, but it’s noted that “it is definitely floating around between traders”.

To identify the information, Hunt analysed some of the data and believes that the breach took place before March 2017. The data itself dates back as early as the 1990s. Having consulted with Hunt, IAfrikan.com has reportedly suggested that, due to the type and quantity of the information, it was most likely that the information was taken from a credit bureau or a data aggregation company. They’ve pointed the finger at Dracore Data Sciences.

Hunt did not mince his words over the severity of the situation. He said:

“They’ve collected an enormous volume of data and I’m not sure the owners of that data ever gave their consent. That may still be legal but the backlash will be severe. They then published that data to a web server with absolutely zero protection and, of course, unauthorised parties found it.”

He added that anyone could find the confidential personal data contained within this South African data breach just by doing a simple online search. “There is now going to be a very serious spotlight shone on them for the sheer incompetence of their actions and they’re in no position to threaten those who’ve reported this to them responsibly.”

Over 30 million records were breached, including 2.2 million email addresses.

With this much information, the data ‘traders’ could sell this information to people who will email the subjects listed with direct marketing emails to try and sell their goods and services, or go down a darker route and send out phishing emails loaded with malware.

Email addresses are surprisingly valuable to cyber criminals and unscrupulous marketing companies who love to send masses of unwanted emails for financial gain.

Start Your Claim

You can call our claims team free from a landline or mobile on 0800 634 7575 or click on the link below to create a call back with one of our expert Data Claims team.

Create A Call Back

Information on how we handle your data is available in our Privacy Policy.

The content of this post/page was considered accurate at the time of the original posting and/or at the time of any posted revision. The content of this page may, therefore, be out of date. The information contained within this page does not constitute legal advice. Any reliance you place on the information contained within this page is done so at your own risk.