Email, phone scamsters among biggest buyers of illegally obtained data – expert

Email and phone scamsters were among the biggest buyers of illegally obtained personal data, says a cyber security expert in the wake of the Experian data scare.

Experian, a leading credit bureau, alerted its stake holders in the banking sector that a suspected fraudster gained temporary access to the personal information of as many as 24 million South Africans and 793,749 businesses.

According to cyber security expert and lecturer at the University of Johannesburg Basie van Solms, the identities and personal information stolen in these data breaches end up in a data black market where personal data that was legally sold and shared among companies is stolen and sold or used by scamsters.

“The guy who stole this data, he was not necessarily stealing banking information, he was maybe stealing information from a person’s credit records for instance. Those people could then can be the target of a scam where you get a call from a company that is consolidating loans and they tell you they will make an arrangement on your behalf.”

Marketing companies often obtained big data from third party entities, some of which were not above board, added van Solms.

This is where legislation is needed to prevent the risks that come with the commercialisation of data. The signing into law of the Protection of Personal Information Act of 2013 (POPIA) in June this year, meant that soon companies would no longer be allowed to sell data to third parties. POPIA became effective on 1 July 2020.

ALSO READ: Fraudster who breached personal details of 24m South Africans has been found

Bongekile Filana, CEO of AlgoRythm Tech, said the regulation of this industry was essential in ensuring the right to privacy and security of personal information.

“Data privatisation is not legislated that’s why even Western countries continue to exploit our data privacy. There is no policy legislation that is prohibiting people from using private data.It is up to companies to protect their information and data through security measures like hardware & Software firewall to make sure that unauthorised people are unable to invade their data store warehouse,” said Filanan who serves on the Board of Directors at National Electronic Media Institute of South Africa.

“Strong encryption for personal computers is encouraged. Communications Minister Stella Ndabeni-Abrahams and the 4IR Commission are working on data privacy policy that will regulate data commercialisation &privacy.”

According to Nedbank spokesperson, Annaleigh Vallie, the bank has launched an investigation into an incident which resulted in Experian SA sharing personal information with a perpetrator who requested the information under false pretences.

“It is a credit industry requirement for credit providers to share credit information with various credit bureaus, hence Experian SA was in possession of such information,” said Vallie.

Nedbank, among other banks and banking industry bodies, including the South African Banking Risk Information Centre (SABRIC) and the Banking Association of South Africa (BASA), was engaging with Experian SA in relation to this incident.

“The safety and security of client information is a top priority and Nedbank clients’ bank accounts are not at risk. Clients are encouraged to continue to be vigilant and adhere to normal safe banking practices.”

Simnikiweh@citizen.co.za

For more news your way, download The Citizen’s app for iOS and Android.