Questions raised about Pam Golding data breach

Daniel Puchert

Journalist
Shocking details about data breach in South Africa

Real estate agency Pam Golding may not be entirely forthcoming about how it obtained the personal information compromised in a recent breach of its customer relationship management (CRM) platform.

A security researcher contacted MyBroadband shortly after the incident when she saw that Pam Golding was using an email address for her that they should not possess.
 
Pam Golding BS said:
“Once a client opts out, the information would have been marked as such by the agent on the system, indicating that no further canvassing to the contact may take place,” said Pam Golding’s information officer.

Weird that I sent them an email with a screenshot of six unsubscribe/do-not-contact requests which they ignore - I also still receive random calls from local Pam Golding agents. So this is complete BS. Which is now part of my POPIA complaint.

If they insist on keeping your details after direct requests to delete them - then they must be held legally responsible for the breach of those details. They do not keep them so they don't contact you again.
 
If the service is free, you are the product!

Don't trust these credit bureaus (same as CCP social score system) offering
  • free credit checks - a system to collect your data
  • free ID Monitor - a system to collect even more of your data
    • Alerts you when your personal information is detected on the dark web [as a result of data leaks from their systems]
The free ID Monitor is a scam as they are the ones leaking your data to the dark web:
Credit bureaus are the worst: they collect your "free credit check" and "free ID Monitor" data and sell that data to others like Pam Golding.

What are the regulators doing to punish these companies?

Pam Golding & TransUnion be like:
[attached image]
 
"One unlikely option is that Pam Golding obtained data from the 2022 TransUnion data breach and added it to its CRM system. This assumes that the researcher’s email was contained in that dataset."

This isn't unlikely. In 2022, companies were still selling email lists. It's highly likely that one of these companies harvested the lists illegally to boost their numbers and then resold them to Pam Golding as part of some media deal.

It's feasible that there is almost a laundering system going on with personal data. Hacks get harvested by unscrupulous marketers, and the lists get used and repackaged with legitimately harvested data to bolster their value. That repackaged data then gets shared as part of media deals or direct marketing lists through opt-in partner agreements.

So, Company X harvests the hack to bolster the value of its lists.
Company Y deals with Company X to market to its base.
Company Y has access to the list and an opt-in partner deal with Business Z.
Business Z uses the list believing it is legitimate.

The reality is that with POPIA, none of this should happen, and lists should expire.

POPIA violations, Company or Government negligence in hacks, and data reselling should all be ruthlessly prosecuted, but yeah.
 
 
"The way her domain is configured allows her to receive email to any username in a single mailbox without first having to set up specific aliases."
That's silly. You'll still get spammed if the domain gets leaked due to a hack.
 
The only logical explanation is that PG bought data from a 'data broker on the internet' that either got leaked in the breach or sold.

I have a similar setup to the lady in the article, and it's amazing who you catch out.
 