Database of 30 million+ South Africans leaked online, property group is culprit

NEWSWATCH: After a database of more than 30 million South Africans had been leaked online, including estimated incomes‚ addresses, and cellphone numbers, one of the country's top real estate companies has admitted to being the unwitting source.
Database of 30 million+ South Africans leaked online, property group is culprit
© rphotos via
In addition to the aforementioned, the personal information that was published also reportedly contains names and surnames, identity numbers, employer details, gender, ethnicity, home ownership as well as other contact information which could be used for crimes like identity theft.

According to a report on Times Live, the information originated from Jigsaw Holdings which includes Aida‚ ERA and Realty-1.

The report states that Aida CEO Braam de Jager said they had “absolutely no idea” how the information was published on their server before it was removed on Wednesday afternoon.

De Jager said the information‚ which was available for download until Wednesday morning‚ was bought from credit bureau Dracore in 2014 to track down potential clients who might want to sell their houses.

According to the Times Live report, Dracore CEO Chantelle Fraser said they were not responsible for publishing the information and had no knowledge of how external companies used the information.

Potentially biggest breach of PoPI Act ever

African leader in Secure IT Asset Disposal (ITAD) services, Xperien, says this could be the biggest breach of Protection of Personal Information (PoPI) Act ever.

These data security laws mandate that organisations implement adequate safeguards to ensure the protection of company and personal information, especially when it comes to the disposition of redundant IT assets.

In an effort to protect personal information, the PoPI Act has been signed by the President and is now law. It sets conditions for how to lawfully process personal information.

The Act enforces companies to introduce strict measures and guidelines that will safeguard the processing, usage and handling of sensitive information. It places a strict onus on businesses when it comes to handling personal information about their clients, staff and customers.

The Information Regulator has published the regulations for comment and companies will only have one year from the commencement date to comply or face significant consequences.

Xperien has warned that companies must act before it's too late. CEO Wale Arewa says that if there is a breach, the financial implications can possibly cripple an organisation. "If found guilty, companies will face potential civil claims, fines and reputational damage."

“The PoPI Act will have serious consequences in the near future. It won’t be long before we start reading about companies that have been fined for non-compliance and this in turn will encourage other companies to adopt policies that will ultimately protect them from reputational loss,” he concludes.

For more:

About Ilse van den Berg

Ilse is a freelance journalist and editor with a passion for people & their stories (check out Passing Stories). She is also the editor of Go & Travel, a platform connecting all the stakeholders in the travel & tourism industry. You can check out her work here and here. Contact Ilse through her website here.

Let's do Biz