Massive South African Data Breach – Implications for Terrorism

By SATAC Analytics Team: On 17th October 2017 a massive data breach of personal information affecting 30 million South Africans was reported on Tech CentralA huge trove of data, containing the personal information of millions of South Africans, including property ownership, employment history, income and company directorships, has been discovered by information security researcher Troy Hunt. Hunt, the founder of HaveIbeenPwned.com, said the breach contains data of more than 30m unique South African ID numbers.”

SATAC’s analysis of the header code shows the following information:

Identity Number, Title, First Names, Surname, Deceased status, Citizenship, Gender, Age Group, Population Group, LSM (Lifestyle Monitor Index), Homeownership (20 character text field), Location, Marital Status, Estimated Income, Directorship [Possibly company directorship] (20 character text field), Most recent physical and postal addresses, Contact numbers (cell, home and work) (20 character text field), 3 email address fields (20 character text field), 3 x fields for occupation, 3 x fields for employer, property ownership details including address and amount of bond.

The data dump emphasises property ownership, physical addresses and important details related to current employment, employment history and financial status. It contains multisource data compiled from a number of different databases including those that would be held by credit score companies, banks, the deeds office etc.

What are the implications? If this is correct, the data could easily be used to exploit and destabilise individuals, business and personal relationships, communities, organisations and even, perhaps, stimulate a colour revolution. Particularly the information can be used for Identity Theft and impersonation, gangstalking and targeted reputation assassination and ransomware attacks. Organisations become more vulnerable as directors have their personal details including financial, residential information and web history become available to the users of this information.

Comments (The database header records seem not to have been created by a database administrator fields (such as date and telephone number fields etc.) are all stored as varchar suggesting this table was constructed to retrieve data from multiple sources, possibly as a temporary table used to export to a SQL database environment – in a properly designed database date fields would be properly designated as date fields – there are many examples of this)

 

Hits: 66

Author:

SATAC Research & Analytics Team

Leave a Reply

Your email address will not be published. Required fields are marked *