{"id":650216,"date":"2026-05-28T08:59:56","date_gmt":"2026-05-28T06:59:56","guid":{"rendered":"https:\/\/mybroadband.co.za\/news\/?p=650216"},"modified":"2026-05-28T09:00:41","modified_gmt":"2026-05-28T07:00:41","slug":"large-south-african-car-parts-retailer-allegedly-breached","status":"publish","type":"post","link":"https:\/\/mybroadband.co.za\/news\/security\/650216-large-south-african-car-parts-retailer-allegedly-breached.html","title":{"rendered":"Large South African car parts retailer allegedly breached"},"content":{"rendered":"\n

A threat actor is selling a dataset containing 463,000 records allegedly exfiltrated from Midas South Africa, including customer, sales, and logistics data.<\/p>\n\n\n\n

In a post on a hacker forum, the threat actor said the dataset provided a detailed look at the automotive parts company’s operations.<\/p>\n\n\n\n

The data allegedly included customer contact data, delivery addresses and logistics information, as well as details of customer sales orders for transactional tracking.<\/p>\n\n\n\n

“The data is fresh and organised across three main sections, useful for research, analysis, or understanding the structure of South Africa’s relevant sector,” they said.<\/p>\n\n\n\n

“It includes direct contact details, project descriptions, and funding amounts.” The actors are charging $1,100 (R17,974) to those who want to download the data. <\/p>\n\n\n\n

The threat actor included snippets of data, including sales orders, delivery addresses, and customer contact information.<\/p>\n\n\n\n

MyBroadband looked at the samples, and the data they contained appeared to be legitimate. We asked Midas about the alleged breach, but it had not answered our questions by the time of publication.<\/p>\n\n\n\n

DailyDarkWeb said<\/a> the exposed data could also include invoice and payment status information, customer relationship management and account management metadata, and branch locations.<\/p>\n\n\n\n

It said that organising the data around operational business workflows could make it valuable to financially motivated threat actors seeking to attack Midas South Africa.<\/p>\n\n\n\n

That could include threat actors conducting business email compromise, invoice fraud, supply chain impersonation, and targeted phishing campaigns.<\/p>\n\n\n\n

Moreover, the logistics and sales metadata could give attackers insight into customer relationships, operational patterns, delivery infrastructure, and internal commercial processes.<\/p>\n\n\n\n

Midas South Africa is one of the country’s most well-known and largest franchises for automotive parts, spares, and accessories.<\/p>\n\n\n\n

The alleged breach comes after a raft of alleged data breaches or security compromises of businesses, government departments, and political parties in South Africa during 2026. <\/p>\n\n\n\n

In May alone, threat actors have claimed breaches of systems of the City of Ekurhuleni, the Department of Correctional Services, and the African National Congress (ANC).<\/p>\n\n\n\n

Two million private member records exposed in ANC breach<\/h2>\n\n\n\n
\"\"<\/figure>\n\n\n\n

In mid-May 2026, the cybercriminal group Black X posted an advertisement that it was selling nearly 2GB of private information belonging to ANC members<\/a>.<\/p>\n\n\n\n

By 2022, the ANC had around 600,000 members, following internal audits that recorded members as being in “good standing”. Therefore, Black X’s dataset could include the data of past members.<\/p>\n\n\n\n

The cybercriminal group said the database contained two million records, including ID numbers, phone numbers, email addresses, physical addresses, and photos.<\/p>\n\n\n\n

In its advertisement, Black X said the dataset contained the ANC’s full membership list and an extensive collection of private information about South Africans.<\/p>\n\n\n\n

MyBroadband independently verified samples of the dataset. They included the personal information of general ANC branch members, rather than that of high-profile or leadership figures.<\/p>\n\n\n\n

Black X likely exfiltrated data from tools the ANC used to track membership fees, ID numbers, meeting attendance, and branch-level activity quotas.<\/p>\n\n\n\n

The leaked information included full names, ID numbers, birth dates, gender, language preferences, phone numbers, addresses, and postal codes.<\/p>\n\n\n\n

According to Black X’s website, the dataset was first published online on 28 August 2025. Bitcrack Cyber Security co-founder and CTO Dimitri Fousekis analysed the data and believed it was authentic<\/a>.<\/p>\n\n\n\n

However, precisely how much data was actually acquired could not be verified. The ANC did not respond to MyBroadband’s queries either, but dismissed the breach as “fake news” in a statement.<\/p>\n\n\n\n

The Information Regulator of South Africa subsequently wrote to the ANC<\/a> to ascertain whether the breach occurred and whether private data linked to its members was leaked.<\/p>\n\n\n\n

If the party did not adequately disclose the breach and theft of personal information to the regulator, it could be found in contravention of the Protection of Personal Information Act and face a fine.<\/p>\n","protected":false},"excerpt":{"rendered":"

A threat actor claims to have exfiltrated customer data, sales orders, and logistics information from Midas South Africa’s systems.<\/p>\n","protected":false},"author":341076,"featured_media":650225,"comment_status":"open","ping_status":"closed","sticky":true,"template":"","format":"standard","meta":{"footnotes":""},"categories":[27],"tags":[105536,72252,15227,26872,63066,50043,199,461,91267,105535],"class_list":["post-650216","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","tag-automotive-parts","tag-cyberattacks","tag-cybersecurity","tag-data-breach","tag-data-breaches","tag-data-leak","tag-hackers","tag-hacking","tag-midas","tag-midas-south-africa"],"_links":{"self":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/650216"}],"collection":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/users\/341076"}],"replies":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/comments?post=650216"}],"version-history":[{"count":7,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/650216\/revisions"}],"predecessor-version":[{"id":650409,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/650216\/revisions\/650409"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media\/650225"}],"wp:attachment":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media?parent=650216"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/categories?post=650216"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/tags?post=650216"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}