Back Print this page
Legalbrief   |   your legal news hub Sunday 24 May 2026

Removed

The Information Regulator has requested an urgent meeting with Liberty Holdings CEO David Munro to understand how its data was breached, says a TimesLIVE report. Information Regulator chairperson Advocate Pansy Tlakula also requested the extent and contents of the data breach‚ what interim measures have been put in place to prevent further breaches and if those affected by the breach have been informed. It is not yet clear how much information was stolen and how many customers might be affected. Munro said the company believed the breach involved recent e-mails and attachments from Liberty’s insurance business in SA. Tlakula said the Protection of Personal Information Act (Popia) has only partly come into effect‚ but section 19 of the Act requires companies to ensure the personal information it possesses is secure. ‘South Africa has experienced a disturbingly high number of material data breaches in the past few months‚’ Tlakula said. ‘Without a fully functional Information Regulator‚ these breaches will continue to occur without sanctions provided for in Popia. These data breaches underscore the (need for the) urgent establishment of the regulator.’ Meanwhile, Moneyweb reports that Liberty could face massive fines through civil lawsuits. Civil claims from aggrieved clients could potentially emerge on the basis of their right to privacy being infringed, while fines as high as R10m for each data breach incident could be levied under the Protection of Personal Information Act. The law, introduced when government realised that data breaches were a rising threat across industries, puts the onus on companies to safeguard the collection and storage of personal information.

Apart from the latest cyber threat against Liberty Life‚ personal information about South Africans has landed up in the wrong hands as a result of several data breaches in the past few months. As previously reported in eLaw & Management, ViewFines‚ a website for viewing traffic fines‚ suffered a data breach in May. More than 934 000 records containing 778 000 unique e-mail addresses were exposed‚ including names‚ phone numbers‚ government-issued identity numbers and passwords stored in plain text. A TimesLIVE report notes that the leak did not affect all licensed drivers but only those who had registered to pay traffic fines online using one or more of the sites that provided the service.