Data breach exposes millions of South Africans' personal records - TechCentral

A huge trove of data, containing the personal information of millions of South Africans, including property ownership, employment history, income and company directorships, has been discovered by information security researcher Troy Hunt.

Hunt, the founder of HaveIbeenPwned.com, said the breach contains data of more than 30m unique South African ID numbers.

The data trove was discovered among a large dump of other breaches, and Hunt could identify it as being of South African origin from the personal address details contained in it. He said that to date he hasn’t seen it offered for sale, but that “it is definitely floating around between traders”.

The date of the database file indicates that the breach took place in March 2017, or perhaps before. The actual data includes information from at least as far back as the early 1990s.

Hunt is now attempting to identify the source of the database and has shared its headers to help get to the bottom of it. The headers can be viewed here.

Some of the data headers seem to indicate that the source may be government, but this is not definitive. It may be that this information is from a commercial entity such as a bank or credit bureau.

Once the owner of the data is identified and informed, Hunt will upload the info to his HaveIbeenPwned service (although he notes that the data only includes around 2.2m valid e-mail addresses).  — (c) 2017 NewsCentral Media

  • Mo

    “`LSM_GROUP` varchar(20) DEFAULT NULL,” This seems to indicate a commercial entity or credit bureau

  • Warchylde

    LSM is living standards measure most likely. So you may be correct, credit bureau of some kind.

  • Andrew Fraser

    I thought the same thing, but evidently until recently Government (StatsSA) did use LSM segmentation.

    The fields that are likely to return the source best are the following: POC, POP, CPC and BAI.

    CPC may well be credit profile.

  • Vince-0

    This kind of thing gets passed around call centers all the time.

  • Gman

    I’m curious as to why the ‘owner’ of the data isn’t made public?

  • The Emperor has no clothes…

    I suspect that it will be up for sale on the dark web soon.

  • Werner Ackermann

    Call centres like that are quite likely to be hit first by POPI.

  • Werner Ackermann

    The source you mean?

    You could maliciously reveal such data in an attempt to do damage to an organisation, but access should be restricted to the information in any case.

    Raw dumps like these should only be available to a very small group.

  • Junior2309

    Looks like a bank’s bond docs, Nedbank? Looks 90% like the one I have in my files from the bank

  • AndrewWheelerDealer

    How this is not front page news is beyond me…

  • Marlon Fungai Murahwa

    There are 2 words missing from the story – State Capture

  • Gman

    True, I agree. I see that the source hasn’t yet been identified, I must have either misread it or they fixed it. The raw content should definitely not be made public, but we should at least know who is ultimately held responsible (of course, when possible)

  • It wouldn’t surprise me in the least if it was The Government, given that the Gupta Leaks show the state capture machine used the state surveillance apparatus against journalists and other high profile people critical or potentially critical of those three illegal immigrants.

    But it should be surprising, shocking. Let us hope that it is not The Government.