| #SADataBreach: Local experts say don’t panic

Security News ThreatsCybercrime Uncategorized


Johannesburg – Local internet expert Steven Ambrose has urged the public not to panic after the country’s largest data breach. 

Ambrose, who is the CEO of technology research firm Strategy Worx, told Fin24 that the breach was a massive wake-up call for citizens in the country. 

Phishing attacks

“People need to be vigilant,” he told Fin24. “With this kind of information available on the dark web or somewhere else on the internet, citizens could fall victim to spear phishing attacks, which are targeted at an individual or company.”

Ambrose explained that spear phishing attacks take place when an attacker has personal information about their victim and uses the initial information to get other crucial information like banking details. 

“If someone calls you never give out your bank account number and especially not your pin. No bank will ever ask for your pin.” 

“Often attackers lure people into trusting them by asking them personal questions from information similar to what has been leaked during the data breach,” said Ambrose. “After, three to four question, people begin to trust them.”

Starting point 

Ambrose explained that while the information leaked through the data breach could be accessible in one way or another by hackers, the massive data breach was a starting point to phish victims. 

“People are not safe,” he said. “Cybercrime has become very sophisticated and attackers use carefully thought campaigns to fool people. While there are no imminent threats from the data breach, there are dangers and people need to be more paranoid about the information they give to people.”

South Africa’s largest data breach reached over 60 million unique ID numbers on Thursday, according to Troy Hunt, founder of website, Have I Been Pwned(HIBP), which revealed the data breach.

Fin24 reported this week that the incident may be the biggest breach of Popi (Protection of Personal Information Act) to have ever taken place. 

Hunt said the database contained names of people, their gender, ethnicity, home ownership and contact information. The data also contained people’s identity numbers and other information like their estimated income and details of their employer.