NEWS

SA's Massive Data Breach: Main Targets Are Children Under Three-Years-Old

New analysis of the record-breaking data breach has taken a turn for the worst.

20/10/2017 10:37 SAST | Updated 20/10/2017 10:37 SAST
Lee Jae Won / Reuters

Fresh analysis by the man behind the full investigation into South Africa's massive "Master Deeds" data breach , Microsoft's expert Troy Hunt has revealed that most of the hacked identity profiles discovered belonged to South African children.

Many of them were under three-years-old and some were teenagers.

The breach is being referred to as the biggest digital security threat in the country's history.

"I was pretty stunned to see that 19% of the records in there [the stolen data] are apparently children. That's not including teenagers either and if we add them, that figure jumps to 29%," Hunt said in his blog on Friday morning.

Hunt, after analysing figures, also confirmed that more than 67 million South Africans were included on the database, where their details could potentially be recreated from what were presumably private records held by the Deeds Office.

"It's an explosive situation," Hunt said in an earlier blog post.

"Disclosure en mass like this could have serious ramifications for all sorts of situations where folks in South Africa are required to prove their identity, primarily because it's enormously useful information for people wishing to impersonate others."

The database is said to have the names of people, their gender, ethnicity, home ownership and contact details.

The information also includes identity numbers and details of employers.

The Hawks on Thursday confirmed that they were investigating the data breach.

"The Hawks typically do not comment on ongoing investigations. However, in light of the intense public interest and the potential impact of this matter, the Hawks are collaborating with other law enforcement agencies and stakeholders investigating the data breach," said Brigadier Hangwani Malaudzi.

Jigsaw Holdings, an umbrella company that holds various real-estate agencies under it's title, admitted on Thursday to their part in leaked information. The data was reportedly hosted on their server, investigations revealed.

"The premise of a private company collecting huge troves of data about individuals without their consent then monetising it by selling it to other organisations who may then mishandle it (as is obviously the case), is alarming...but questions must be asked about whether an organisation like that should have had it in the first place." Hunt said.