Database of 30 million+ South Africans leaked online, property group is culprit

20 October 2017

NEWSWATCH: After a database of more than 30 million South Africans had been leaked online, including estimated incomes' addresses, and cellphone numbers, one of the country's top real estate companies has admitted to being the unwitting source.

In addition to the aforementioned, the personal information that was published also reportedly contains names and surnames, identity numbers, employer details, gender, ethnicity, home ownership as well as other contact information which could be used for crimes like identity theft.

According to a report on Times Live, the information originated from Jigsaw Holdings which includes Aida ERA and Realty-1.

The report states that Aida CEO Braam de Jager said they had 'absolutely no idea' how the information was published on their server before it was removed on Wednesday afternoon.

De Jager said the information - which was available for download until Wednesday morning - was bought from credit bureau Dracore in 2014 to track down potential clients who might want to sell their houses.

According to the Times Live report, Dracore CEO Chantelle Fraser said they were not responsible for publishing the information and had no knowledge of how external companies used the information.

Potentially biggest breach of PoPI Act ever

African leader in Secure IT Asset Disposal (ITAD) services, Xperien, says this could be the biggest breach of Protection of Personal Information (PoPI) Act ever.

These data security laws mandate that organisations implement adequate safeguards to ensure the protection of company and personal information, especially when it comes to the disposition of redundant IT assets.

When I read the warnings that fill our media, I'm reminded of the Y2K bug. Just like 1999, we are getting close to a full-scale panic about compliance, fines, and the potential loss of business...

By Pieter Engelbrecht 13 Oct 2017


In an effort to protect personal information, the PoPI Act has been signed by the President and is now law. It sets conditions for how to lawfully process personal information.

The Act enforces companies to introduce strict measures and guidelines that will safeguard the processing, usage and handling of sensitive information. It places a strict onus on businesses when it comes to handling personal information about their clients, staff and customers.

The Information Regulator has published the regulations for comment and companies will only have one year from the commencement date to comply or face significant consequences.

Xperien has warned that companies must act before it's too late. CEO Wale Arewa says that if there is a breach, the financial implications can possibly cripple an organisation. "If found guilty, companies will face potential civil claims, fines and reputational damage."

"The PoPI Act will have serious consequences in the near future. It won't be long before we start reading about companies that have been fined for non-compliance and this in turn will encourage other companies to adopt policies that will ultimately protect them from reputational loss," he concludes.

For more:

real estate company admits to being unwitting source of country's largest personal data breach
Massive data leak could be from a credit bureau
Check if your details were in massive South African data leak


Go Back to News Main Page