Another data breach rocks South Africa as details of 1.4 million South Africans gets leaked

We are currently living in a world that is being driven by technology. It is very rare to find any aspect of our daily lives that is not impacted by technology.

Since Government imposed the National Lockdown – which aims to mitigate the worst effects of the Covid-19 Pandemic – there has been a significant move towards social distancing and essential services within the financial services industry have moved online.

“Criminals have also moved online,” reports Manie van Schalkwyk, CEO of the Southern African Fraud Prevention Service (SAFPS), “it is estimated that there are 17 billion cyber attacks that take place around the world every day.

Another South African company reports a data breach

Over the past two years, South African companies have been reporting that they have been victims of cyber attacks and data breaches. This includes Experian (July 2020), ABSA (November 2020) and Transnet (June 2021). In the Experian and Absa breaches, personal information of consumers was compromised.

The Department of Justice recently announced that it was a victim of a cyber crime as was African Bank. Debt-IN Consultants, a professional debt recovery solutions partner to many South African financial services institutions, announced on 22 September that a ransomware attack by cyber criminals resulted in a significant data breach of consumer and employee personal information.

It is suspected that consumer and personal information of more than 1.4 million South Africans was illegally accessed from Debt-IN servers in April this year. The breach only came to light last week with the discovery that confidential consumer data and voice recordings of calls between Debt-IN debt recovery agents and financial services customers had been posted on hidden internet sites that are only accessible by a specialised web browser.

Common practice

“This is a classic example of what we are seeing in the current environment,” says Dalene Deale, Executive Head of Secure Citizen. Secure Citizen was created through a collaboration with the Southern African Fraud Prevention Service (SAFPS) and OneVault in response to a rapid growth in identity theft following online fraud.  “Fraudsters do not discriminate. As we continuously move towards the adoption of a digital and more importantly ‘touchless’ era, the platform for fraud increases. Fraud is a fraudster’s business and they often use the same business tactics we use in legitimate business, the difference being that they don’t have customers, they have victims. Thanks to an increase in data breaches, fraudsters are motivated and armed with the correct information, meaning that are very capable of impersonating an individual. The impacts of this are catastrophic,” says Deale.

Van Schalkwyk points out that the Debt-IN data breach is concerning as the records of 1.4 million South Africans have been compromised. “In a country where identity fraud is common practice, this is extremely concerning. It is critical that consumers act now before significant fraud is unknowingly committed on their behalf,” says Van Schalkwyk.

Secure Citizen

The largest number of victims when it comes to these data breaches are consumers. However, once criminals have access to this information, identity fraud takes place. This impacts companies who need to know that the person at the other end of a transaction is the actual consumer and not an impersonator.

“The objective of Secure Citizen is to focus on a key core functionality that enables both businesses and individuals to interact in a trusted, delightful and easy manner. In South Africa we are fortunate to have an established Identity System governed by the Department of Home Affairs, but many individuals do not participate in the digital economy due to the high levels of fraud or due to a lack of understanding/knowledge. Our Secure Citizen aim is to drive digital inclusivity, which underpins and enable financial inclusion,” says Van Schalkwyk.

From a consumer perspective, a digital identity solution must be based an individual’s unique attributes, it must be easy to use, real time and it has to enable trust. The solution must not discriminate against income, gender, geographical location, or even your choice in mobile phone. For companies, the solution must be interoperable; it cannot discriminate against legacy or future systems, or the maturity of a company’s digital transformation journey. It must be affordable; available to any business regardless of size, whether your business is classified as SMME or Enterprise. Every business in our country has to be able to verify the identity of their existing and potential customers, employees and even directors of their partners.

“Secure Citizen will be making this solution available directly to the public to enrol themselves into the Secure Citizen Database at no cost. We believe that using your biometrics is your birth right. Nobody should be able to use your information without your knowledge and without your permission,” says Deale.

Protective Registration

One of the most important services, and the core of SAFPS’ service offering, is Protective Registration. Protective Registration is a free service protecting individuals against identity theft. Consumers apply for this service and the SAFPS alerts its members to take additional care when dealing with that individual’s details.

Protective Registration provides an added layer of protection and peace of mind regardless of whether the identity of the applicant has been compromised.

“If a member of the public wants to become proactive in the fight against fraud, the SAFPS is there to serve them. Visit our website on   Click on the fraud prevention tab and protect yourself against identity theft with Protective Registration.  For best results, use your smart phone to go to our website.  Once you have uploaded key pieces of information, you will add another layer of protection against potential ID fraud,” says Van Schalkwyk.

“As a society, it is important that we move towards creating a world where the fight against fraud becomes protective and proactive. We need to protect consumers and this needs to be done in a proactive manner. We cannot always be reactive when it comes to fraud,” says Van Schalkwyk.