In Capsule:

Personal records of 31.6 million South Africans were found online Breach was discovered by Troy Hunt, an Australian security expert The 27GB of data was discovered which contain 2.2 million valid email address Data contains information like ID numbers, age, number and other sensitive details.

Security researcher Troy hunt has discovered personal records of 31.6 million South Africans on publicly accessible web server available for download.

Troy Hunt‚ Australian security expert‚ said that he got the information earlier this year itself but only checked it earlier this week.

Among the 27GB data, it contains 2.2 million valid email address, personal information like ID numbers‚ ages‚ locations‚ marital status‚ occupation‚ estimated income‚ physical addresses, cell phone numbers, and details about property ownership, employment history, income, company directorships were also found.

Hunt discovered the data among a large dump of other breaches and identified it by checking the personal details present in it.

The breach may have occurred in March 2017 or before according to date in the database file.

Hunt said that breach is severe because many people have sent their ID number to check and he has found the records of all of them in the database.

Leaked data has been traced to a Web server registered to a real estate company in Pretoria.

You may be interested in reading: Holyrood Officials Suspect China Behind the Recent Cyber Attack on Scottish Parliament

When checked in Whois lookup, it was shown a company named Jigsaw Holdings which holds several real estate franchises.

According to report the company first responded with time for investigating the issue and after that, there was no response from the company.

The website contains 75m database records in which 60m of those records where personal details of South African citizens.

The Southern African Fraud Prevention Service (SAFPS) has warned users not to attempt to check if their information were present in the breach or not.

“I warn consumers against attempting to verify if they are in the database or anybody offering services like that, you could be leading yourself into further jeopardy by providing somebody else with data with the understanding that you will verify if you are on the leaked dataset. You might provide legitimate information to an illegitimate source,” said van Schalkwyk of SAFPS.

He also said customers should check their bank for any suspicious activity and they could apply for protective registration through the fraud prevention agency.

Lieutenant General Yolisa Matakata, Acting National Head of the Hawks said that they have already started investigating the data breach.

Brigadier Hangwani Mulaudzi, Hawks spokesman, said that “The Hawks typically does not comment on ongoing investigations, however, in light of the intense public interest and the potential impact of this matter, the Hawks are collaborating with other law enforcement agencies and stakeholders investigating the data breach.”