Over 60 Million SA Records Leaked

25 Oct 2017 - 15:45

A 27GB file which was initially thought to have contained 30 million unique SA records, but which is now sitting at over 60 million, was revealed by Australian security researcher Troy Hunt on 17 October 2017.

  • Troy Hunt’s website – Read more
  • Local perspective - – Visit / com – Visit

The data, sent to Hunt in a file titled masterdeeds.sql, contains sensitive details such as SA ID numbers, marital status, income, current/past company directorships, employment details and property ownership information. This information on both deceased and living people in South Africa, including children, may be used to commit identity theft.

Why should I care about Identity (ID) theft?

ID theft is a crime where a thief steals your personal information, such as your full name or identity number to impersonate you and commit fraud. The identity thief can use your information to apply for credit fraudulently, steal your tax return, obtain medical services or even “marry you” to benefit from citizen benefits. These acts can damage your credit status, your chances of gaining employment and cost you time and money to restore your good name.

What precautionary steps should you take today?

  1. Check if your email address was compromised in this breach (or previous ones) –visit check, and register to be notified in future (PS – pwned is hacker speak for being “owned”).

 Get free credit monitoring report – Visit one of the following credit bureaus and register for a free credit check to ensure that you are not a victim of ID thieves. It may be a bit premature for the current data breach, but no harm in having a look. Ensure you conduct these checks at regular intervals.

TransUnion website / Experian website / Compuscan website

  1. If concerned, request a fraud alert or a security freeze on your credit report – This is recommended after data breaches for peace of mind. This will prevent others from opening accounts in your name.

 Check and monitor your statements:

  • Check your credit card, bank and retail statements for any fraudulent activity.
  • Arrange with your bank for phone notifications on all your purchases, so you are immediately alerted to any suspicious purchases or activity that you didn’t authorise.

What to do if you are a victim of ID theft?

  • Report the matter to your nearest police station.
  • Ensure you keep a copy of the report and case number – This will be useful evidence required by credit providers, banks or prospective employers.
  • Contact the Southern African Fraud Prevention Service (SAFPS) – Help-line: 0860 101 248 / Email: or visit their website for more details

Prevention techniques to protect your identity and personal information

  1. Be wary of Social Engineers - A fraudster pretending to be from a legitimate business, will try to trick you into sharing your details. Historically, fraudsters would call you on the phone or send you an email. Recently, text message attacks are becoming more common.
  2. Manage personal information safely – Store sensitive info in a safe place at home and work. Shred receipts, credit offers, account statements, and expired credit cards to prevent “dumpster divers” from getting your personal information.
  3. Don’t overshare on social networks – Don’t make it easier for identity thieves or cyber criminals by posting your birthday or residential address online. At the very least, tighten your privacy and security settings. The less you share, the safer you will be.
  4. Improve your password management
  • Don’t use the same password across multiple sites.
  • Create complex passwords – avoid using English words by combining other languages, numbers and special characters.
  • Use a password management tool such as LastPass to manage the bulk of your passwords. Keep your very sensitive sites separate, which means you will then only need to remember a handful of passwords.
  1. Enable two-factor authentication
  • Two-factor authentication (2FA) is an extra layer of security offered by most websites that require additional confirmation (i.e. SMS / email / App) on top of your username and password.
  • Here is a useful how-to-guide to set up two-factor authentication on all your online accounts – Website
  1. Ensure your devices have protection against malicious software
  • Without protection, your devices are vulnerable to a range of potential attacks by cyber criminals such as information theft, ransomware, viruses, adware and spyware.
  • Here is a useful independent 2017 comparison of the best free antivirus protection tools to consider – Website


* This document was compiled and provided courtesy of Wolfpack’s Cyber Security Team