The Daily Swig Web security digest

‘Pretty much the entire population’ – South Africa hit by major data leak

James Walker | 20 October 2017 at 16:00

Real estate firm linked to data scandal affecting 66.3 million people.

South Africa’s Department of Home Affairs is investigating a massive data leak thought to have exposed the personal details of 66.3 million people.

News of the breach was broken earlier this week by Troy Hunt, a web security expert and owner of the Have I Been Pwned? website.

A 27GB file sent to Hunt was found to contained 66.3 million records, each of which includes highly personal details, including national identity number, full name, gender, ethnicity, home address, phone number, marital status, economic status, estimated income, employer, and email address.

According to Hunt, the breach involves “what looks like pretty much the entire population” of South Africa. Children were found to account for nearly 20% of the dataset, and the file also includes information relating to nine million deceased individuals.

Following the breach announcement, South African media outlets made a scramble to identify the source of the leaked dataset, which, in addition to the file sent to Hunt, was also found to have been sitting on an exposed server for at least seven months.

It s now emerged that the information originated from a server linked to Jigsaw Holdings, a South African real estate investment firm.

Discussing the possible consequences of the leak, Hunt said: “Disclosure en mass like this could have serious ramifications for all sorts of situations where folks in South Africa are required to prove their identity, primarily because it’s enormously useful information for people wishing to impersonate others.”