- The personal data of 1.4 million South Africans – including details of outstanding debt – has leaked online.
- The cache also contains recordings of calls from debt collectors.
- Debt-IN, the company from which the data was stolen, says it is trying to get it removed, but that is complicated.
- For more stories go to www.BusinessInsider.co.za.
If you know just where to look, you can now find the personal information of 1.4 million South Africans online, including such details as employer and salary date, alongside ID number and contact details.
The cache of data also includes details of how much money those people owed, how much they repaid, and "voice recordings of calls between Debt-IN debt recovery agents and financial services customers", says the company from which the information was stolen.
Debt-IN was breached in April, but only found out in September, when one of its partners discovered the information online in what it described in a statement as a "highly-focused 'sweep' of data posted on a the [sic] hidden collection of websites that can only be accessed by specialised browsers", more commonly known as the dark web.
See also | 'A number’ of African Bank customers hit in ransomware data theft – unnoticed since April
It was "able to definitively confirm that the data was the personal information of some 1.4 million consumers on 17 September 2021," said Debt-IN on Wednesday.
Debt-IN has not provided details of how it was looted, beyond references to a "ransomware attack", or who was responsible, beyond broad references to "highly sophisticated cyber criminals and their proxies."
Getting the data dump removed is a "very complex challenge", the company said, and it can not speak of efforts to do so "given the highly sensitive nature of the case."
Debt-IN is a 13-year-old company based in Durban which says it works with "retail, private and public sector clients" to bring in overdue debt.
Also on Wednesday, African Bank said it had reached out to its clients affected by the breach.
Debt-IN referred customers to the email address firstname.lastname@example.org, or the toll-free telephone number 0800 079 661.
(Compiled by Phillip de Wet)