Illustration: Colin Daniel

Responding this week to what has been billed South Africa’s biggest data breach, Manie van Schalkwyk of the Southern African Fraud Prevention Service (SAFPS) says the situation is not to be taken lightly.

The compromised data, which amounts to 27 gigabytes, includes about 30 million identity numbers and sensitive personal information about income, age, employment history, company directorships, race group, marital status, occupation, employer and previous addresses.

Van Schalkwyk says the breach presents an opportunity for fraudsters to open accounts and transact as one of the people named in the leaked profiles, with enough information to verify that transaction as being conducted by themselves.

He is certain that all South Africans are on this database, and you should assume that this is the case. 

“I warn consumers against attempting to verify if they are on the database or [dealing with] anybody offering services like that. You could be leading yourself into further jeopardy by providing legitimate information to an illegitimate source.” 

Van Schalkwyk suggests that you rather obtain your credit report from a credit bureau and check if there have been any suspicious transactions. If so, he says it is advisable to apply for protective registration on the SAFPS website, www.safps.org.za. This will provide added security and will alert your credit providers and bank that your identity number has been compromised. The service is free.

In the normal course of events, should you lose your identity document or passport or believe that your identity has been compromised in any way, you can go to the website and click on lost passport/ID to apply for temporary protective registration, which will be issued online.

A positive spin-off of the data breach, Van Schalkwyk says, is that database managers are likely to revisit their security protocols.