Hawks to probe data breach as SA braces for fraud attack

The Hawks’ Cybercrime Unit has been instructed to investigate the Master Deeds leak, which saw the personal details of tens of millions of South Africans opened to the worldwide web.

While frantic investigations into the leak by implicated companies carry on, Cybersecurity expert Brian Pinnock from Mimecast warned South Africans and local organisations needed to brace themselves for “supercharged impersonation fraud attacks”.

“This is social engineering on another level as half of the work is already done for potential hackers. They now have access to email addresses, mobile numbers, ID numbers, marital status, employer information and income,” said Pinnock.

“Fraudsters can now target their victim by knowing the most sensitive information that only your most trusted service providers or family would know.”

The unsecured information appears to have come from Jigsaw Holdings, which includes Aida‚ ERA and Realty-1.

Jigsaw has yet to respond to a request for information, and its website was not available yesterday.

Christoff Pienaar, the director of technology and sourcing at Cliffe Dekker Hofmeyr Inc, said in order to protect both themselves and their customers, companies needed to safeguard the data collected and held by them.

“This starts with critically evaluating what data they hold, where they get it from, why they hold it, how they use it and who has access to such data,” Pienaar said.

“Once this understanding has been established, businesses can then turn to the technical and organisational measures they currently have in place or have to put in place to safeguard such data against unlawful access. These measures include evaluating processes, procedures, policies, terms and conditions and supplier agreements.”

Pinnock noted it was crucial people kept a close watch for malicious emails.

“All email users should know the signs of a targeted email threat – is the email address legitimate, does the URL in an email or attachment take you to the correct site, is the language typical of the sender?” Pinnock said.

“Of course, the signs might not always be easy to spot, so all organisations should consider advanced security with targeted threat protection. This will radically decrease the possibility of malicious emails getting through.”

If people believed their information had been compromised, Pienaar said they could institute a civil claim for damages.

“However, once the substantive provisions of the Protection of Personal Information Act come into force, these will provide remedies and a complaint channel for those compromised by the unlawful processing of personal information. There will also be criminal sanctions in respect of organisations who do not comply,” Pienaar said.

The bill is currently awaiting President Jacob Zuma’s signature.