2017年10月，南非曾经遭遇一次大规模信息泄露事件，涉及大量公民身份证号码、收入、婚姻状况、就业和财产所有权信息。据当时媒体报道，泄露事件涉及的信息最早可以追溯到20世纪90年代甚至更早，规模大概有3000多万，而且这个数字可能还会继续上升。经过一番调查有关部门发现，数据线泄露的源头是一家叫作Dracore Data Sciences的数据公司。该公司的客户包括TransUnion和多个房地产公司。
根据The Next Web的消息显示，本次泄露的数据包括身份号码、电子邮件地址、全名和交通罚款的文本密码。
South Africa, following a massive breach in October 2017, suffered another attack, with the personal records of 934,000 South Africans being leaked.
According to news from The Next Web, the data that was leaked includes national identity numbers, email addresses, full names and text passwords for traffic fines. Working with Australian security consultant Troy Hunt and the team at iAfrikan, TheNextWeb established that the data was posted publicly by a company responsible for traffic fines for South Africa’s online payments. South Africa lets several companies facilitate payments for traffic fines over the internet, and the leaked database doesn’t represent all of the drivers that are licensed in South Africa — given that at the end of the March of 2017, there were more than 12 million, and the database only had information on 934,000 South Africans.
In what was potentially South Africa’s largest data breach, hackers in October 2017 got away with extensive personal information, including ID numbers, income, marital status, employment and property ownership information. According to a news report in The Next Web at the time, after the team at iAfrikan — along with security consultant Troy Hunt — spotted the South African breach, they discovered that personal information was stolen from both living and deceased people. The personal records dated back to the late 1990s or even older. The breach may have impacted 30 million unique records, but that number could increase. After some sleuthing, the team found that the company in possession of the breached data was Dracore Data Sciences, which names TransUnion as a client. The company also had real estate businesses as clients.
“They’ve [Dracore] collected an enormous volume of data, and I’m not sure the owners of that data ever gave their consent,” said Hunt. “That may still be legal, but the backlash will be severe. They then published that data to a web server with absolutely zero protection, and, of course, unauthorized parties found it. You yourself [iAfrikan] found it very quickly just by searching for it. There is now going to be a very serious spotlight shone on them for the sheer incompetence of their actions, and they’re in no position [to] threaten those who’ve reported this to them responsibly.”