South Africa 19.10.2017 05:20 am

Identity theft threat posed by massive data leak

Identity theft threat posed by massive data leak

The company responsible for the leak may escape censure as the Protection of Personal Information Act has yet to be signed into effect by president Jacob Zuma.

If your details are among the estimated nearly 50 million records that were exposed in a massive data leak, you have a problem if the wrong people managed to download it.

Worse still, the company responsible for the leak may escape censure as the Protection of Personal Information Act has yet to be signed into effect by President Jacob Zuma, said Professor Basie Von Solms, director of the Centre for Cyber Security at the University of Johannesburg.

An investigation by iAfrikan CEO and technologist Tefo Mohapi linked Dracore Data Sciences as the company hacked.

Dracore’s managing director Chantelle Fraser denied this and pointed the finger at a company called Jigsaw Holdings, “… a group of companies with an impeccable track record in the property and skills development sector”, according to its website.

Fraser noted Dracore Investments – now liquidated – had an agreement in place with Jigsaw Proprietary Limited during 2014 where Dracore worked with them to enrich their deeds database over a period of six months.

“I believe Jigsaw Group is aware of this data leak and have their IT company – which I also believe is called EPI-USE (not verified) – investigating this matter,” Fraser said.

The Citizen made contact with Jigsaw, which did not return its phone call, as promised.

“To be blunt, there’s nothing we can do at the moment,” said Von Solms.

“The information is out there, and it may be at many different places. If one person could find it then the bad guys, the cyber criminals, could have found it too and would have made copies of it. If it’s out there in the wild, there’s no way to retrieve it or delete it.”

The personal data breach first came to light on Twitter through web security specialist Troy Hunt.

Hunt said the file was called “master_deeds” and even though an import failed partway through, he had managed to obtain more than 30 million records of people, both alive and of those who were deceased, and 2.2 million e-mails.

According to MyBroadband. com, the data goes back to the 1990s and was 27.2GB in size. – amandaw@citizen.co.za

 

today in print