[1]

South Africa recently suffered its largest data breach when the sensitive and private information in an estimated 30 million personal records, belonging to people dead or alive with a South African ID number (13-digit identity number), was leaked on the Internet [2]. The breach contains, among other things, ID numbers, ages, locations, marital status, occupations, estimated income, physical addresses and cell phone numbers. It remains unclear what the source of the information was [3].

South Africa is implementing its Protection of Personal Information Act (POPIA), which restricts how companies handle personal data to safeguard individuals from security breaches. A new report by IBM Security and Ponemon Institute finds that the average cost of a data breach in South Africa is R 32.36 million – a 12% increase from 2016. The study found that these data breaches cost companies on average R 1,632 per lost or stolen record [4]. Top factors that contributed to the increase in the cost of a data breach in South Africa include compliance failures and the extensive use of mobile platforms by companies that embrace Bring Your Own Device for their employees.

The danger of the digital world is that attacks or data theft can happen unnoticed [5]. Cyber-attacks are getting more and more sophisticated and it can often take a few years for a company to realise it has been hacked. On average, local companies took 155 days to identify a breach, and 44 additional days to contain a breach once discovered [6].

A data breach currently unravelling in the news is that of Uber, which disclosed this past Tuesday that hackers had stolen 57 million driver and rider accounts, and that the company had kept the data breach secret for more than a year after paying a $100 000 ransom [7].

The largest documented breach to date has been Yahoo’s (dated 2013-14, with the total impact confirmed only last month), in which the impact rose to an estimated 3 billion users. In September 2016, the once dominant Internet giant, while in negotiations to sell itself to Verizon, announced it had been the victim of the biggest data breach in history, likely by “a state-sponsored actor” in 2014. The attack compromised the real names, email addresses, dates of birth and telephone numbers of an initially stated 500 million users; in October 2017 Yahoo revised this, stating that all three billion user accounts had been compromised [8].

Security breaches have also taken a toll in the banking sector, a recent example being one of the US’ largest banks, JP Morgan Chase (dated July 2014). The breach impacted 76 million households and 7 million small businesses. The bank said no customer money had been stolen and that there was “no evidence that account information for such affected customers – account numbers, passwords, user IDs, dates of birth or Social Security numbers – was compromised during this attack.” [8]

South Africa’s POPIA aims to give effect to consumers’ constitutional right to privacy by introducing measures to ensure that organisations process personal information in a fair, responsible and, most importantly, secure manner. The legislation covers why and how organisations collect, use, disclose and store personal information belonging to natural and juristic persons. Ultimately, POPIA is an all-inclusive piece of legislation that safeguards the integrity and sensitivity of private information. Contact IDATA for further information.

 

  1. http://pulseforensics.com/wp-content/uploads/2016/09/data-breach-2.png
  2. https://www.iafrikan.com/2017/10/18/south-africas-govault-hacked-over-30-million-personal-records-leaked/
  3. https://www.timeslive.co.za/news/south-africa/2017-10-18-private-information-of-around-316m-south-africans-breached-still-online/
  4. https://businesstech.co.za/news/it-services/182293/counting-the-cost-of-data-breaches-in-south-africa/
  5. https://media.scmagazine.com/images/2016/11/10/databreach_1091065.jpg?format=jpg&zoom=1&quality=70&anchor=middlecenter&mode=pad
  6. https://www.fin24.com/tech/cyber-security/sa-fails-to-make-data-breaches-public-expert-20160226
  7. http://www.bbc.com/news/technology-42075306
  8. https://www.csoonline.com/article/2130877/data-breach/the-16-biggest-data-breaches-of-the-21st-century.html