Tag: leak

By Tehillah Niselow for Fin24 

Liberty Holdings customers received SMSs on Saturday alerting them that personal information related to their insurance policies could have been stolen by an external party.

The Information Regulator, which has asked for information about the Liberty breach, is clearly concerned about the increasing number of cyber attacks affecting personal data in South Africa.

“Without a fully functional Information Regulator, these breaches will continue to occur without sanctions provided for in the Protection of Personal Information Act (POPIA),” said chairperson Advocate Pansy Tlakula.

Tlakula urged “the powers that be to assist it in fast tracking its operationalisation”.

According to corporate law firm Michalsons, certain limited sections of POPIA have already been implemented. However, the bulk of the legislation will only commence at a later date, to be proclaimed by the president. As there is a one-year grace period, the POPIA deadline might only be set for the end of 2019 or in 2020.

In the meantime, South Africans are coming under heightened attack from cyber criminals and hackers.

Andrew Chester, MD of Ukuvuma Security, told Fin24 that affected clients or users should immediately alert their banks and cellphone provider. They should also undertake a credit check as well as a Google search to determine whether their personal information is in the public domain.

Liberty email hack

In SMSs to clients on Saturday, financial services company Liberty informed them that its email repository had been breached by a third party trying to demand a “ransom” in exchange for the data.

Liberty has not revealed much about the breach, citing a police investigation. CEO David Munro confirmed that Liberty’s insurance clients were the only ones affected, and that none of its other business had been compromised.

The company said none of its clients have been impacted financially, and that individuals will be personally advised if their information has been affected.

ViewFines licence details

In May the Hawks, the State Security Agency and the Information Regulator said they would probe the breach of personal records of 943 000 South African drivers, allegedly from online traffic fine website ViewFines.

The information reportedly contained the names, identity numbers and email addresses of South African drivers stored on the ViewFines website in plaintext.

The ViewFines website is owned by Aggregated Payment Systems. News24 reported that its operations manager confirmed the company was “implementing security measures immediately” to improve the website after being informed of the breach.

The source of the data was located by Troy Hunt, an Australian security researcher and creator of the free service Have I Been Pwned, which checks whether an individual’s information has been compromised.

Facebook scandal

While Facebook founder and CEO Mark Zuckerberg had to face angry lawmakers in the US and European Union, it was reported that the data breach involving the UK political consultancy affected almost 60 000 South African users.

In May, the Information Commissioner’s Office of the United Kingdom (which regulates Facebook outside the US and Canada) advised the Information Regulator of South Africa that over 87 million people had been affected worldwide.

However, no evidence could be found of South Africans having been targeted, as the majority of users involved were in the US.

Master Deed’s data breach “biggest” digital security threat in SA

Hunt was once again instrumental in revealing what was known as the “biggest” data breach in South African history, together with iAfrikan CEO Tefo Mohapi in October 2017.

Over 60 million South Africans’ personal data, from ID numbers to company directorships, was believed to have been affected.

The information was traced to Jigsaw Holdings, a holding company for several real estate firms including Realty1, ERA and Aida. The information reportedly came from credit bureau agencies, and was used to vet potential clients.

The information trove was found not to have been hacked, as it was stored in an easily accessible manner on an open web server.

Ster-Kinekor’s database compromised

Movie theatre chain Ster-Kinekor was responsible for up to 7 million South Africans falling victim to a data leak in March 2017.

Fin24 reported that Durban developer Matt Cavanagh announced he had discovered a flaw in Ster-Kinekor’s booking website, and that he had reported it to the company.

There were between 6 and 7 million users in the database. Of those, 1.6 million people had email addresses linked to them on the movie theatre chain’s database.

By Eric Limer for Popular Mechanics 

Twitter is suggesting all users change their passwords as a precaution after a reported glitch caused some passwords to be stored in plain text. If you’ve ever used your Twitter password for another service, you’d be wise to change it in both places.

Twitter says there is no evidence of a breach, but the error would have allowed any snoopers inside the system to scoop up unprotected passwords with ease. Typically, passwords are “hashed” before they are stored, a process which transforms the password into a unique series of numbers and letters that can’t be translated back into the actual sequence of numbers and letters you type in. This prevents hackers from snagging a phrase they can try on your other accounts.
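The hashing step described above, as an added example (not code from Twitter or from the article): a password is stored as a salted scrypt record and checked at login without the original ever being kept. The cost parameters, record format, function names and sample credentials are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

# Assumed scrypt cost parameters for this example (about 16 MiB per hash).
N, R, P, DKLEN = 2**14, 8, 1, 32
MAXMEM = 64 * 1024 * 1024


def _scrypt(password, salt):
    return hashlib.scrypt(password.encode("utf-8"), salt=salt,
                          n=N, r=R, p=P, dklen=DKLEN, maxmem=MAXMEM)


def hash_password(password, salt=None):
    """Return 'scrypt$<salt hex>$<digest hex>'; the password itself is never stored."""
    if salt is None:
        salt = os.urandom(16)  # a fresh random salt for every account
    return "scrypt${}${}".format(salt.hex(), _scrypt(password, salt).hex())


def verify_password(password, record):
    """Re-hash the login attempt with the stored salt and compare in constant time."""
    try:
        scheme, salt_hex, digest_hex = record.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
    except ValueError:
        return False  # malformed record
    if scheme != "scrypt":
        return False
    return hmac.compare_digest(_scrypt(password, salt), expected)


def register(db, user, password):
    """Store only the hash record; nothing else derived from the password is kept."""
    db[user] = hash_password(password)


if __name__ == "__main__":
    users = {}  # constructed stand-in for a user table
    register(users, "alice", "correct horse battery staple")
    register(users, "bob", "correct horse battery staple")
    print(users["alice"])
    print("same password, same record?", users["alice"] == users["bob"])
    print("login ok:", verify_password("correct horse battery staple", users["alice"]))
    print("wrong password:", verify_password("hunter2", users["alice"]))
```

Because each account gets its own salt, two users with the same password end up with different records, so someone reading the table cannot tell which accounts share a password.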

Even with no evidence of an actual breach, this bug serves as a good reminder for some basic security hygiene. Use unique passwords for every service you use; a password manager can help you keep track of them all. Turn on two-factor authentication where available (it is available on Twitter). And while you’re at it, go look at the apps that have access to your account. These apps, if they’re insecure themselves, can offer hackers a limited way into your account without ever having to figure out your password.

The Paradise Papers: whose money is where

A new set of data taken from an offshore law firm again threatens to expose the hidden wealth of individuals and show how corporations, hedge funds and others may have skirted taxes. A year after the Panama Papers, a massive leak of confidential information from the Bermuda law firm Appleby Group Services, dubbed the Paradise Papers, has shone another light on the use of offshore accounts.

Here are the highlights so far of the reporting by the International Consortium of Investigative Journalists and partner news outlets on the so-called Paradise Papers. Bloomberg hasn’t seen the leaked documents:

  • The rich may be richer than you thought. Jim Simons, the billionaire founder of hedge fund Renaissance Technologies, has amassed more than $7.5 billion in a previously undisclosed, four-decade-old fund set up in Bermuda. Warren Stephens, an Arkansas banker and Republican donor, used a Bermuda-based family trust to reduce his tax bill and conceal his interest in a payday lender under US scrutiny. And George Soros, a liberal investor who has contributed to the ICIJ, used Appleby to manage a company that carried out reinsurance transactions that can be used to shield wealth from taxes.
  • More than a dozen members of President Donald Trump’s inner circle, including Secretary of State Rex Tillerson and top economic adviser Gary Cohn, held undisclosed offshore companies. Robert Mercer, a Republican donor who just said he would step down as Renaissance Technologies’ co-CEO, was revealed to be a director of more than eight of RenTech’s offshore subsidiaries, who used other offshore firms to shelter money his family funneled to political causes. The Blackstone Group, co-founded by Trump economic adviser Stephen Schwarzman, used trusts and companies registered in tax havens to avoid paying taxes on two UK commercial properties.
  • After Irish officials closed a tax loophole that had allowed Apple to avoid billions of dollars in taxes, the US tech giant enlisted international law firms to help it find a new tax home and settled in the English Channel island of Jersey, the New York Times reported. The documents helped solve a two-year mystery of where the world’s biggest company by market capitalisation is booking a big share of its revenue.
  • Want to register a private jet in the US? Bank of Utah manages more than 1 390 aircraft trust accounts that obscure the identities of the jets’ (largely foreign) owners, the New York Times reported. Among the wealthy foreigners said to use the bank’s services: Russian oligarch Leonid Mikhelson, an ally of Russian leader Vladimir Putin whose gas company is under US sanctions.
  • US Commerce Secretary Wilbur Ross faces questions about his financial disclosures to Congress and the government after a report that he didn’t disclose business ties to the son-in-law of Russian President Vladimir Putin and an oligarch under US sanctions. The Appleby documents included details of Ross’s stake in a shipping company, Navigator Holdings, according to the New York Times.
  • House Republicans should slow down their consideration of a tax-overhaul bill after the investigative reports alleged offshore tax-avoidance by US multinational companies including Apple and Nike, congressional Democrats and tax-advocacy groups said.
  • The Monetary Authority of Singapore said it’s reviewing the documents and will take action against any financial institution or individual that breaches regulations. The regulator made the remarks on Wednesday after the consortium said that some of the files came from Asiaciti, a Singapore-based family-owned trust company. Asiaciti denied any wrongdoing.
  • Canadian tax authorities are reviewing reports linking a key fundraiser for Prime Minister Justin Trudeau to offshore trusts in the Caribbean. Montreal-based businessman Stephen Bronfman, son of billionaire Charles Bronfman, was among the individuals cited by news organisations including the Canadian Broadcasting Corporation, Radio-Canada and the Toronto Star in Sunday’s leak of bank documents.
  • Commodities trader Glencore Plc was one of the top clients of Appleby, which even had a “Glencore Room” at its Bermuda office that kept information on the trader’s 107 offshore companies, according to the ICIJ investigation. (Peter Grauer, the chairman of Bloomberg LP, is a senior independent non-executive director at Glencore.)
  • Prominent Silicon Valley investor Yuri Milner, who was an early backer of Facebook Inc., partnered in two investments with the Russian state-controlled bank VTB Bank PJSC before it was sanctioned, his spokesman confirmed Friday. Details about the relationship between Milner and VTB surfaced in the wake of the Paradise Papers.
  • Indonesian authorities are investigating if former presidential candidate Prabowo Subianto and the children of ex-dictator Suharto, named in the leaked documents, are in breach of the country’s tax laws.
  • A North Korean was listed in the leaked documents as a shareholder in a Malta-based company which may have been involved in the overseas transfer of North Korean construction workers, according to Newstapa, a South Korean partner of the ICIJ.
  • Queen Elizabeth II of the UK made a series of investments in a Cayman Islands fund through the British Royal Family’s private estate, the Duchy of Lancaster, according to The Guardian newspaper.
  • Lord Michael Ashcroft, a major donor to the UK’s Conservative Party, had links to a Bermuda-based trust with assets worth as much as $450 million, The Guardian reported.
  • The Dutch Finance Ministry said it will review whether more than 4 000 cross-border tax rulings were issued in accordance with procedures. The decision follows the publication of an article in Het Financieele Dagblad reporting that correct procedures weren’t followed in an agreement between the Dutch tax authority and Procter & Gamble Co. “P&G has fully transparent relationships with governments and tax administrations worldwide,” the company said in a statement. “We may seek confirmation from governments and tax administrations that our interpretation of tax laws is correct. This is what was done in this instance.”

Source: Marcus Wright for MoneyWeb / Bloomberg

Have you been breached?

It seems like there is a new data breach every other day, causing companies untold embarrassment and reputational damage when customers’ private details are leaked.

A new Web site called www.haveibeenpwned.com allows you to see if your details have been compromised by a data breach.

Simply click on the link, enter your email address and click the pwnd? button to find out if you’re a victim.

Major data breaches

Some high profile leaks in the last while include:

  1. RNC (2017)
    A misconfigured database containing the sensitive personal details of over 198-million American voters was left exposed to the internet by a firm working on behalf of the Republican National Committee (RNC) in their efforts to elect Donald Trump.
  2. Zomato (2017)
    Zomato, which provides users with an online guide to restaurants, cafes and clubs, reported that data from 17-million users had been stolen, including email addresses and hashed passwords.
  3. NHS (2017)
    The recent WannaCry ransomware infected 47 NHS England Trusts and hundreds of companies across the world.
  4. ‘Eddie’ breach (ongoing)
    Security researchers at the Kromtech Security Research Center discovered a massive database of 560-million login credentials which is believed to come from up to 10 popular online services such as LinkedIn and Dropbox, obtained during previous data breaches.
  5. Wonga (2017)
    Payday loan company Wonga has fallen victim to a large data breach that could have hit as many as 245,000 of its customers including bank account numbers and sort codes.
  6. Tesco Bank (2016)
    Late last year, Tesco Bank, the consumer finance wing of the British supermarket giant, froze its online operations – after as many as 20 000 customers had money stolen from their accounts.
  7. Sage (2016)
    As a FTSE-100 firm, the apparent insider attack admitted by accounting and HR software firm Sage could turn out to be one of the most important in UK data breach history if its scale is confirmed.
  8. Ashley Madison (2015)
    In July 2015, a group calling itself “The Impact Team” stole the user data of Ashley Madison, a commercial website billed as enabling extramarital affairs. The group leaked more than 25 gigabytes of company data, including user details.
  9. Mumsnet (2014)
    A direct victim of the infamous and widespread Heartbleed SSL software flaw, the compromise allowed hackers to access anything up to 1,5-million user accounts on the hugely popular site, its owners revealed.
  10. Yahoo (2013, 2014)
    It seems hard to pin down just one data breach spawning from Yahoo’s 22 years in business. Last year appeared to unearth a mammoth lack of security on Yahoo’s part with reports uncovering a breach affecting over 500-million Yahoo user accounts during 2014.
  11. Sony PlayStation Network (2011)
    The largest data breach in history at the time, Sony’s disastrous 2011 breach saw hackers make off with the customer records of 77-million people relating to its PlayStation Network, including a small number revealing credit card numbers.

Sources: www.techworld.com; Wikipedia; www.haveibeenpwned.com


My Office News Ⓒ 2017 - Designed by A Collective
