Jigsaw blocks access to servers after data leak

The personal records of just over 60 million South Africans could have been publicly available for download for the past two and a half years.

The company confirms the data belongs to them.

It has since launched an investigation to determine whether its servers were breached and the data possibly stolen. 

Jigsaw first became aware of the leak upon request for a statement last Wednesday.

"Upon being informed of the alleged breach, we took immediate appropriate measures to further investigate the issue and secure all our servers, which included a total block of access to the servers and the appointment of an outside team of forensic investigators," Jigsaw director Pieter Ferreira says in a statement. 

LISTEN: Crimes you could be exposed to due to data leak

He says the company has spoken with the relevant authorities and pledged its full support during the investigation. 

"Due to the sensitive nature of the investigation, we are not in a position to provide any further information relating to the investigation."

A web security expert who found the 'Master Deeds' file says both the file and web server are dated April 2015.

It contains sensitive information, including ID numbers, addresses and contact details. 

Data leak 'possibly started in 2015 already'

Microsoft regional director in Australia, Troy Hunt, further confirms the information has been exposed, at least for the past seven months.

"So we know that at the very least it was exposed in March when someone sent it to me and it was still exposed yesterday (Tuesday)," Hunt told Jacaranda FM during a Skype interview. 

He says the file was found on a "publicly accessible web server".

"It came from a location where the data was still exposed," he explains. "This was simply a web server facing the public web with no password, no authentication or password controls."

The 27 gigabyte file contains names, ethnicity, ID numbers, contact details and 2.2 million email addresses, among others.