By Professor Danny Myburgh, Managing Director at Cyanre, The Digital Forensic Lab
On Friday night 25 March 2022 the hacking group known as N4ughtysecTU, re-released massive quantities of previously leaked private information of South Africans. Between all the data breaches that have taken place in South Africa over the past two to three years we have to acknowledge the fact that all our data is out there – where criminals use and abuse our data.
As citizens, the three major questions we should answer are:
- Why is our Data so valuable
- What will criminals do with it and
- What should I do?
The first two questions are relatively simple to answer. Criminals and organisations “dealing in data” will perform data enrichment with the data. During this process they will take different sets of leaked data and will combine it. Say for example that in one data leak your ID number, email address and telephone number were leaked and in another your ID number, bank account number and a password. By combining these two sets, they now have a record that contains your ID number, bank account number, your email address, your password and your telephone number.
With this information criminals can perform a number of actions. They could:
- Phone (Vishing – voice phising)you pretending to be from your bank, because they can convince you that they have access to all your data (social engineering) – and they do! With this they could persuade you to enter your PIN by directing you to a false website (Spoofing).
- Perpetrate Identity theft, whereby they use your identity to commit fraud.
- Use the information during a Big Game Hunting attack whereby a large enterprise is hacked and more data is exfiltrated or ransomware is executed. Or it could be used to access your mail account and you could be extorted if they, for example, find naked pictures you distributed, or changing banking detail of a transaction you busy with – also known as a Business Email Compromise (BEC) or Man-in-the-middle attack.
The second aspect to consider, now that your data has been leaked is – what can you do about it or how do we learn to live with it?
Here are some stapes you can take, and should be taking regularly as a matter of principle going forward:
- Find out what was compromised by contacting the company that was breached.
- Check for updates from the company which was breached.
- Find out what support the Responsible party (the hacked organisation) will provide.
- Do not use the information that may have been compromised to confirm your identity in future. Rather use other personal information that you have not used previously.
- Change your password for the compromised site and regularly change all your passwords and don’t share it with anybody.
- Change your security questions.
- Don’t use the same password everywhere.
- Consider your rights and legal recourse.
- Watch your bank accounts and, check your credit reports.
- Freeze your credit if you suspect that it has been breached.
- Consider identity theft protection services.
- Verify all requests for personal information and only provide it when there is a legitimate reason to do so.
- Do not disclose personal information such as passwords and PINs when asked to do so by anyone.
- Activate two-factor authentication on all your accounts where possible.
There are many role players and different levels of responsibility when we consider the safety of our personal data. Ensure you know what your responsibility is and how to take relevant steps to protect your own data and keep it as secure as possible.