File Picture: Kacper Pempel/Reuters

CAPE TOWN - It is reported that one of South Africa’s top real estate companies has admitted to being the source of the largest known personal data breach to date in the country.

The leak contains multiple personal information this includes the estimated income‚ addresses and cellphone numbers of the likes of President Jacob Zuma‚ Finance Minister Malusi Gigaba and Police Minister Fikile Mbalula.

It has been said that the information originated from Jigsaw Holdings which includes Aida‚ ERA and Realty-1. Aida CEO Braam de Jager said they had “absolutely no idea” how the information was published on their server before it was removed on Wednesday afternoon.

“As I am speaking to you now‚ I have called in forensic guys into my office that are busy investigating all of these things right now‚” he told TimesLIVE. De Jager said the information‚ which was available for download until Wednesday morning‚ was bought from credit bureau Dracore in 2014.

The information contains amongst other things the ID numbers‚ age‚ location‚ marital status‚ occupation‚ estimated income‚ physical address and cellphone numbers of millions of South Africans. De Jager said they bought the information to track down potential clients who might want to sell their houses.

Also read: Home Affairs set to investigate massive data breach

“If we arrive at house and a tenant tells us that he knows the owner wants to sell the house‚ we ask them who the owner is. They often do not know who the owner is. We then go and extract that specific property’s information based on the address to get the owner’s information.” Dracore CEO Chantelle Fraser said they were not responsible for publishing the information and had no kowledge of how external companies used the information.

Manie van Schalkwyk of the Southern African Fraud Prevention Service, says this is not a situation to be taken lightly. As the breach could lead to personal information that was published could be used for crimes like identity theft.

“A hacker could have various motives,” he says. “They could sell the information, be seeking revenge on an organisation or looking to create harm. These all have repercussions," said Van Skalkwyk. 

Dr Jabu Mtsweni‚ cybersecurity expert at the Council for Scientific and Industrial Research (CSIR) said this information could also be sold on the internet to the highest bidder.

“People who want to clone my identity. They don’t necessarily need my ID number. I don’t need to lose my ID number … This information can also be used by criminals to actually try and authenticate themselves as yourself over the phone.” Professor Basie von Solms‚ director of the Centre for Cyber Security at the University of Johannesburg‚ said cyber criminals could use the information in this breach to obtain credit.

Have you read: Personal data of millions of South Africans may have been leaked online

“With enough personal information‚ one can do damage to a person by illegally opening credit accounts or make bookings. It is an extremely big risk. The great risk is to the individual whose data has been breached.” South Africans were alerted to the leak by Troy Hunt‚ an Australian web security expert‚ who first tweeted about it on Tuesday.

Van Schalkwyk is certain that every South African is on this database and  says they should assume that this is the case. “I warn consumers against attempting to verify if they are on the database or anybody offering services like that.” 

“You could be leading yourself into further jeopardy by providing somebody else with data with the understanding that you will verify if you are on the leaked dataset. You might provide legitimate information to an illegitimate source."

This is a developing story. 

- BUSINESS REPORT ONLINE