The past several years have seen a growth in the demand for internet access across Africa. This increased sharply thanks to the COVID-19 pandemic. As a result, there has also been a sharp increase in cybersecurity-related incidents across the continent such as ransomware, botnets, and data breaches to name but a few.
For over five years we, at iAfrikan.com, have broken stories about major data breaches and leaks across Africa. Some, we’ve reported on publicly, while others were too sensitive and we simply notified the relevant authorities without publicly reporting on them.
These include the 2016 data leak of Kenya’s KCB Bank customer details in which approximately 500,000 personal records of their customers were leaked as a result of an “amateur” bug in their mobile banking app.
Then there was, at the time, South Africa’s largest-ever data leak in 2017 where we traced the database back to a data aggregator company called Dracore Data Sciences, which put a database together of about 60 million personal records of South Africans for their real estate client. Somehow, between Dracore and Jigsaw Properties, the database was left available on a public directory online, on a web server that belongs to Jigsaw.
Following that were several other ransomware attacks and data breaches but notably, we revealed how ViewFines left a database with 934,000 personal records of their users (including plaintext passwords) on a publicly available directory on their web server. Only for someone to find this database and leak it on another public website.
In investigating and reporting on data breaches and leaks in various African countries (both those we publicly reported on, and those we investigated privately), we have come to observe and learn several things. As such, we have published a research report in which we share some of those insights as well as lessons learned researching data breaches and leaks in South Africa.
In the research report titled “Data Breaches in South Africa,” we use another high-profile data breach in South Africa, the one that took place at Experian South Africa in 2020, as a case study.
Our aim is also to highlight what organizations, not only in South Africa but globally, need to take care of in order to minimize and even eliminate data breaches.