Following the South African database leak which contained over 66 million ID numbers, people have asked what to do to protect themselves.
The database contained full names, ID numbers, home addresses, contact details, job titles, employment history, marital status, and estimated monthly income, said security researcher Troy Hunt.
Hunt, who disclosed the leak, said it is not the biggest in the world, but is unprecedented in terms of the personal information disclosed.
The data is the type used to open bank accounts, take out a loan, and deal with service providers.
“The closest precedent I can think of is the Philippines Election Commission. It had about 55 million people exposed of the 110 million people in the country,” said Hunt.
For South Africans, Hunt did not have great news in terms of advice on what to do next. “I don’t know”, said Hunt.
His statement echoes that of local security professionals.
“What do you do when just about the entire country’s identity verification attributes have been redistributed publicly?” said Hunt.
“It’s a major issue and I honestly don’t know what’s going to happen next in terms of how South Africa is going to deal with this.”
Part of the problem is that once the data has been exposed, it cannot be taken back.
Fortunately, there are basic steps South Africans can take to avoid falling victim to fraud following their data being compromised.
Manie van Schalkwyk, of the Southern African Fraud Prevention Service, said consumers must not attempt to verify if their details are in the database through uncertified third-parties.
“Rather get your credit report from a credit bureau and check if there are any suspicious transactions,” he said.
If something is suspicious, consumers can apply for Protective Registration on the SAFPS website free of charge.
“This will provide the consumer with added security and will alert the credit provider or the bank that the specific ID number has been compromised.”
Users must also ensure they use unique passwords for all their online services, as a user’s single email address is often used for multiple online accounts.
Passwords which contain your name, birthday, or place of birth, for example, must not be used.
The Hawks and Department of Home Affairs have announced investigations into the data leak, which may result in action against those responsible.
Hunt said he hopes people around the world start asking who they want holding their personal data, and that we start insisting the data belongs to the individual – regardless of who is storing it.