Last week a major South African domain service provider, Hetzner, was hacked, allegedly compromising personal information. My own website is hosted by Hetzner and on the same day I received an urgent email asking me to immediately pay and renew my domain name or my website and email would be suspended. The email contained my personal information including my home address and contact details, making it look legit. Fortunately, I had already been informed by my web manager about the hack so I double-checked the email address which looked unusual and she confirmed it was a scam. I also followed her recommendation to change all my passwords and login details, and I also registered for alerts on my credit record with Transunion.
A few weeks earlier the largest data breach in South Africa’s history occurred when an estimated 70 million identity numbers held by an estate agency were compromised. This data included highly sensitive information including our identity numbers, address history, credit status and employment history.
Identity verification company ThisIsMe offers a breach investigation tool that allows you to investigate which breaches your email address has been implicated in. However, Manie Van Schalkwyk of Southern African Fraud Prevention Services (SAFPS) says caution should be used when using websites that claim they can verify whether your information was compromised in a security breach. “While there are some legitimate sites, there are many scam sites that have been created which then use your search to verify the information they have. By using those websites you risk falling for a second scam.”
Check your credit report
His advice is to first check your credit record through credit bureaus such as Transunion and Experian to see if any accounts have been opened in your name. If that is the case, you can contact the SAFPS help line on 0860 101 248 to register your ID number on their alert list so that any time an account is opened using your ID number, the credit provider will receive an alert to take additional security measures to ensure it is actually you opening the account. This is not something you want to enter into lightly as it will make the opening of a legitimate account more cumbersome, but if you know your details have been compromised, then it is a small price to pay. The service is free of charge.
TransUnion South Africa is offering a complimentary alert service on the back of the security breaches. “The Alerts may show possible irregular use of your information, which can indicate that your personal information is being used fraudulently to access credit,” says Garnet Jensen, senior director for TransUnion South Africa.
If you suspect that your information has been breached, immediately change all your user names and passwords on sensitive accounts and websites. As a general rule, when dealing online, make sure you have a strong password or use a program such as LastPass to generate a complex password. Set up a two-factor authentication process – for example providing a security question like the name of your first pet and where available, use biometric security measures.
Make your password harder to crack
- The longer the password the harder it is to crack, so use 12 or more characters
- You can use a phrase or sentence as a password
- Avoid names, places and words that can be found in the dictionary
- Include capital letters, numbers and special characters such as punctuation marks