Personal Information - The raw material of Cybercrime

Posted August 8, 2018
Written by Mark Heyink
Since before 2002 I have been actively involved with attempting to create awareness relating to, among other things, the importance of the protection of our personal information and the necessity to address information security and cybersecurity on the one hand and cybercrime on the other. In making representations on the Electronic Communications and Transactions Bill, prior to its enactment I expressly addressed the issue of cybercrime and the fact that in countries where data protection laws have been established this was seen as one of the primary steps to combatting cybercrime. Readers of my articles will know that I have lamented the negligence of government in its failure to deal with these issues properly. So too have I lamented the fact that unscrupulous business has taken advantage of government’s delinquency, placing financial gain ahead of the constitutional rights of citizens and in the vast majority of cases failing to protect personal information.

The damage that has been caused to our citizens by delays in the development and promulgation of appropriate law and the resultant failure by large processors of information in South Africa to protect clients is well illustrated by the Liberty Life hack. So too is the attitude of so many of our blue chip businesses to the protection of personal information reflected in Liberty Life’s responses to its clients and the public.

In that regard I provide a link to an article authored by me which was published in the Money section of the Business Times on the While you are invited to read the article, the simple point is that Liberty Life trivialises the fact that vast volumes of clients’ information had been hacked emphasising that there had been “no financial loss”. The point that Liberty avoids is that the compromised information is precisely the information (one can only assume that much of this information could be commercially sensitive) that allows criminals insight into the financial affairs of clients enabling them to perpetrate frauds.

The conclusion is inescapable. Due directly to government’s failure to address the issue of how we need to protect personal information in the 21st century, processors of personal information, particularly some of the larger processors of personal information, have not established the appropriate security measures. The ease with which cybercriminals are able to access personal information enabling them to credibly masquerade as legitimate actors in interactions with citizens, is certainly one of the reasons that South Africa is the second most targeted cybercrime country in the world. What has happened with Liberty is not an isolated incident and many organisations are aware that their clients’ information has been compromised. Unfortunately, many of these organisations, in order to hide their own failings and in view of the fact that until the commencement of PoPIA is proclaimed they feel it is “OK” not to notify their clients of data breaches. This only serves to evidence the lack of ethical governance in the organisations that choose this approach.

As we are all data subjects, when the organisations that employ us are guilty of failing to protect personal information we should be asking "... would I be happy if my information is not processed securely and a compromise is not disclosed to me?"

©Mark Heyink 2018

  • 08 August 2018 - 13:41:00
    On the 25th July 2018 as a result of announcements that were made by Facebook relating to its future revenues the market value of Facebook dropped by US$ 148 billion (or R1,95 trillion). This is almost half of South Africa’s total GDP in 2016.

    While there may be several reasons for the decline in Facebook’s revenue which led to the sell-off of shares, one of the three primary factors for the decrease in projected profitability of Facebook is the focus on privacy and security

  • 08 August 2018 - 13:36:00
    As I wrote in a previous article, South Africa according to the PWC Global economic crime and fraud survey of 2018 suffers the second highest number of cybercrimes of all the countries in the world. While I have no statistics to support this I would suggest that internet banking fraud must rank as one of the primary attack vectors for cybercriminals.

    The Ombudsman for Banking Services of South Africa (Ombud) reported that for the first time in 2017 internet banking fraud was the category of crime that was most prevalent of the disputes that the Ombud has been requested to deal with. No less than 1377 internet banking complaints were closed by the Ombud in 2017. It is clear that significantly more citizens are victims of internet banking fraud as not all of the matters have been referred to the Ombud.