A healthy disrespect for authority

You, being a law-abiding citizen, decide to go online and pay the bill.

However, before you can pay the account you have to supply general information like your ID number, car number plate, postal address, email address, and contact number. Seemingly innocent, given Sanral’s promise that they “will take all reasonable measures to protect your personal information and keep it confidential”.

What they fail to tell you is Sanral’s website was recently hacked, and the perpetrators were able to access and steal registered users’ information. As ITweb so succinctly put it, “The exposed data is ripe for exploitation – it could be used to initiate fraud, phishing, identity theft, or even housebreaking, particularly when coupled with records.”

What’s equally disturbing is the fact that Sanral wasn’t even aware they’d been hacked until a researcher, known only as ‘Moses Thembeka’ aka ‘moe1’, published a video on YouTube and a tutorial on how to capture a registered e-toll user’s PIN. It was alarming how easy it was.

Now, while Sanral can argue that there is no law requiring they let users know about the breach in security, surely any decent, legitimate business would?

As ITweb points out, “Since the latest hack requires an attacker to know or guess a victim’s username, the number of accounts likely to be compromised could be relatively low, but the risk to hacked accounts is very high.” Sadly this does little to reassure me.

Whatever the outcome, the secrecy around the security breach – or at least Sanral’s failure to inform registered users – just confirms that I have made the right choice not to register for an e-tag, and has strengthened my resolve to protest against them every chance I get.

With the number of motorists refusing to register for an e-tag it appears Sanral might just be fighting a losing battle. Only time will tell. Whatever the outcome, I’ll continue to live by my father’s wise words: always have a healthy disrespect for authority.