Reading:
South African data breach compromises 30 million personal records
Share:
victim of data theft or loss

Data Leak Lawyers - Begin Your Data Breach Claim Today!

Sign-up to a data breach claim today - use our quick and easy form to begin your claim for thousands of pounds in compensation.

Start Your Claim
Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy

solicitors regulation authority

South African data breach compromises 30 million personal records

Creator and founder of HaveIBeenPwned.com, Troy Hunt, discovered yet another data dump last year. This one reportedly contained personal data belonging to millions in this staggering South African data breach.

At the time of discovery, the information was available from an online public database back-up file and even came with a smaller compressed version. Anyone on the site could download the information.

The South African data breach dump reportedly included:

  • Names
  • Citizenships
  • Genders
  • Ages
  • Property ownership information (deeds, locations, sale prices)
  • Marital statuses
  • Deceased statuses
  • Addresses
  • Employment histories
  • Incomes
  • Company directorships
  • Unique South African ID numbers
  • Email addresses

As far as Hunt is aware, the huge clump of information has not yet been put up for sale, but it’s noted that “it is definitely floating around between traders”.

To identify the information, Hunt analysed some of the data and believes that the breach took place before March 2017. The data itself dates back as early as the 1990s. Having consulted with Hunt, IAfrikan.com has reportedly suggested that, due to the type and quantity of the information, it was most likely that the information was taken from a credit bureau or a data aggregation company. They’ve pointed the finger at Dracore Data Sciences.

Hunt did not mince his words over the severity of the situation. He said:

“They’ve collected an enormous volume of data and I’m not sure the owners of that data ever gave their consent. That may still be legal but the backlash will be severe. They then published that data to a web server with absolutely zero protection and, of course, unauthorised parties found it.”

He added that anyone could find the confidential personal data contained within this South African data breach just by doing a simple online search. “There is now going to be a very serious spotlight shone on them for the sheer incompetence of their actions and they’re in no position to threaten those who’ve reported this to them responsibly.”

Over 30 million records were breached, including 2.2 million email addresses.

With this much information, the data ‘traders’ could sell this information to people who will email the subjects listed with direct marketing emails to try and sell their goods and services, or go down a darker route and send out phishing emails loaded with malware.

Email addresses are surprisingly valuable to cyber criminals and unscrupulous marketing companies who love to send masses of unwanted emails for financial gain.

The content of this post/page was considered accurate at the time of the original posting and/or at the time of any posted revision. The content of this page may, therefore, be out of date. The information contained within this page does not constitute legal advice. Any reliance you place on the information contained within this page is done so at your own risk.

We offer genuine No Win, No Fee agreements for our clients. Why we do this is simple:

Leading Data Breach Lawyers
Our experience speaks for itself.
We will fight for your right to compensation.
Access to Justice
As a victim of a data breach or hack, you deserve your chance to get access to justice.
Risks Assessment
We carefully risk assess your case and take it on if we think we have a good chance of winning the claim.

Request A Callback From Our Team

Fill out our quick call back form below and we'll contact you when you're ready to talk to us.

Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy
SRA
Contact
www.dataleaklawyers.co.uk is © of Your Lawyers Limited - we are 'Authorised and Regulated by the Solicitors Regulation Authority (SRA number 508768)'
arrow-up icon