Residents of the City of Joburg are still unable to view their bills on the e-Services portal of the municipality’s website after it was disabled due to the discovery of a security flaw over 2 months ago.
Ratepayers are also not able to sign up to receive their statements by e-mail due to the downtime, a spokesperson for City of Joburg told MyBroadband.
However, electronic statements are still being sent out to those customers that signed up to receive their invoices by e-mail before the e-Statements system was taken down, the spokesperson said.
When trying to access the portal, the website displays the following message:
The City of Johannesburg is currently experiencing technical challenges with the online viewing of e-Statements.
The problem has been identified and we are working around the clock to rectify the situation. We do not believe this issue is widespread as this matter was identified in good time.
The City would like to reassure its customers that no information can be manipulated on the City’s Billing System.The City is undertaking legal proceedings against those who viewed and posted information unlawfully.
We apologise for any inconvenience caused and remain committed to protecting customer information.
If you require a copy of your account, customers are advised to visit any nearest Customer Service Centre or call the City’s Call Centre on: 0860 Joburg or 0860 56 28 74.
The “issue” referred to in the notice was a security flaw in the City of Joburg’s website that allowed anyone to view the municipal bills of the city’s residents.
According to the residents that reported the flaw, all you needed was the correct URL, which could then be re-used to access any invoice by its unique number.
The publicly available invoices contain private information including names, addresses, account numbers, PIN codes, and financial details.
It is curious that the City of Joburg claims the “matter was identified in good time”, considering that an e-mail was sent to the municipality reporting the flaw a week before it made headlines.
Asked about the continued downtime, a spokesperson for the City of Joburg said that their IT team was still working to ensure the security of the platform.
He said that they don’t want to announce reopening date until they are certain that the security of the system cannot be compromised again.