Millions affected by massive data breach

In what is being labelled SA's biggest data breach, the personal and sensitive information of an estimated 30m South Africans has been exposed, a leading security developer has discovered. BusinessLIVE says that Tory Hunt, a Microsoft regional director, reported that he had uncovered 'a very large breach titled 'masterdeeds'. The news site says the information appears to be related to home owners as details such as ID numbers, personal income, employment history, Erf numbers, bond amounts, transfer dates and title deeds were included. Hunt suggested that the leaked information could have come from a government source. Hunt's website, Haveibeenpwned.com, previously revealed what was considered SA's biggest data breach when entertainment group Ster-Kinekor's website was hacked in 2016, exposing more than 6m accounts including 1.6m unique e-mail addresses. A report on the Fin24 site notes some commentators said the database appeared to be from 'ancient Java' which was last updated in 2009. This may just mean that the database that was being used by the agency the information had been taken from was not up to date. Queries to the Deeds Office on whether they have at any time been hacked had not yet been answered by last night.

Full BusinessLIVE report

Full Fin24 report

A TimesLIVE report notes that the breach is 'a very risky and dangerous development', said Basie von Solms‚ a director of the Centre for Cyber Security at the University of Johannesburg. 'With enough personal information‚ one can do damage to a person by illegally opening credit accounts or make bookings. It is an extremely big risk. The great risk is to the individual whose data has been breached.' Von Solms said the big question was whether the data was still where Hunt found it or whether it had been removed. 'He made a back-up. There are others who might have found it and made back-ups,' he said.

– TimesLIVE

Nedbank, Telkom, Discovery and Investec are among top South African listed companies with the most exposure to cybersecurity risks. This is according to a new research report from the Cyber Intelligence Research Group which was released as CyberCon, a cybersecurity conference in Johannesburg. Moneyweb reports that the Cyber Exposure Index (CEI) was launched in Singapore earlier this month. The index scores listed companies on their levels of exposure. South African companies received an average exposure rating of 1.9. The index aggregates data that is publicly available through the dark and deep Web, or as the result of third-party data breaches. This data is used to identify top listed companies’ vulnerability to hacker group activity, disclosed sensitive information and leaked credentials. Companies are then scored from 0-5, where 0 indicates no exposure and 5 places a company among the 1% of firms with the most exposure. While no South African company scored a 5, many household names, including Sasol, Liberty, Woolworths and Anglo American scored a 4.

Full Moneyweb report