Info regulator to approach Hawks, SSA over Viewfines leak
Investigations are underway after yet another major data leak involving an online traffic fine information service.
The Information Regulator will be writing to the Hawks and the State Security Agency to offer its assistance with the investigation into the recent leak of close to one million records.
It emerged last week that a server, containing more than 934 000 records, including roughly 788 000 unique email addresses, was published online.
The compromised information includes plain-text passwords, ID numbers, as well as contact particulars, among others.
The file is believed to belong to the online traffic fine service Viewfines.co.za, which has admitted the leak - seemingly accidental - could have come from its site.
One of its owners, Stephen Birkholtz, said Friday they were still trying to determine how the data was exposed.
ALSO READ: Hawks probing Viewfines leak
Advocate Pansy Tlakula, who was appointed as the Information Regulator in 2016, says they have now also written to the Aggregated Payment Systems (APS) to express concern over the leak.
According to its LinkedIn page, APS - with which Birkholtz is also associated - is a "database of outstanding fines collected on behalf of contracted service providers".
It further states APS has contracts with three major banks - Absa, FNB, and Standard bank; the Post Office and; retailers such as Pick n Pay, Shoprite Checkers, and Spar.
These service providers are linked with traffic law enforcement agencies and Viewfines - the company states - "brings all this information together for the public under one umbrella".
It is unclear whether the compromised information belongs only to motorists who have registered with Viewfines, or whether a larger group of motorists are implicated.
But Jacarandafm News has managed confirm at least one email address registered with Viewfines has been implicated, according to am email-check on haveibeenpwned.com
(Click here to see if your email address was among the 788 000 thousand exposed)
Proactive protection of information
Tlakula admits, as certain sections of the Protection of Personal Information Act (POPI) are yet to come in effect, her office is unable to take steps against information holders for compromising data.
"We cannot take any concrete action against them," she said by phone, "but we encourage all responsible parties to ensure that they get used to the idea of complying with the Act."
This is the second major data breach in South Africa since October 2017.
Around 60 million records, in a file named 'Master Deeds', was discovered on a publicly accessibly server, in what is now being described as the biggest leak of personal information that South Africa has seen.
The Hawks expects an updated report into its investigation into the incident some time this week.