How Gidani nearly lost the lottery licence

2012-02-27 12:09
Johannesburg - Confidential recordings of National Lotteries Board meetings reveal for the first time the true severity of a security breach which saw winnings looted in the R4bn-a-year competition.

The breach saw an employee seconded to national lottery operator, Gidani duplicate winning tickets which were about to expire and collect R250 000 in winnings during 2009.

It was so serious that the Board - the state’s lottery oversight body - considered withdrawing Gidani’s licence, worth nearly R400m a year, and controversially awarded in 2007.

Over the last year media reports have speculated about the breach and a Carte Blanche insert identified some detail of how it was orchestrated and the employee accused of it.

Leaked recordings

At the same time the Board and Gidani have repeatedly downplayed the severity of the security breach first mentioned cryptically in the Board’s annual report.

But nearly seven hours of recordings leaked to Media24 Investigations tell another story.

They show how, over meetings at the end of 2009, the Board – far from downplaying the seriousness of the breach – grappled with what do and discussed how:

- Two security audits questioned the operator’s security measures to protect confidential lottery data;

- The failure to secure the data appeared to be a blatant breach of Gidani’s lucrative licence agreement and that it could have lost the licence;

- The lottery could have been plundered weekly using the same security hole – and that Gidani (and its business and technical partner, Intralot’s) internal security systems would not have picked it up, and;

- The breach was discovered by accident by a colleague who noticed the alleged perpetrator behaving strangely.

'Major breach'

The recordings reflect Board chairperson Joe Foster saying: “This is a major breach. We can’t just allow this to just go by the wayside, we need to teach them a lesson. They need to pay for their sins.”

Lottery CEO Vevek Ram described how a whistleblower within Intralot SA had approached Gidani’s CEO, Bongani Khumalo, and “told him, listen, I think there’s something going on”, after which Gidani had arranged surveillance of the man.

“They followed this guy around and they looked at surveillance cameras and all that, and they found him out. And they confronted him, and then he confessed.

“Had the whistleblower not come forward, this fraud would be continuing as we speak,” said Ram.

In the recordings Ram speculated that the technician could easily have stolen as much as R50 000 to R100 000 a week undetected. If there had been R1.5m to R2m in unclaimed prizes available in a particular week, it would have been possible for him to take up to R250 000 in a week without being noticed.

The board had initially considered revoking Gidani’s licence, because it had breached two crucial conditions of its licence – failing to take preventative measures to stop fraud and the theft that resulted from the security failures.

At the time, Gidani already had a R5m suspended sentence hanging over its head because of another breach of the licence – relating to unauthorised lottery network access.

But after considering the damage another stoppage would do to the lottery, less than two years after a six-month hiatus in the competition due to the dispute over Gidani’s initial award of the licence, the board instead decided to fine the company.

There were also concerns in the Board about whether similar problems existed in other countries where Intralot operated and that the Board considered sounding the alarm internationally.

The recorded discussions show how members of the Board became more suspicious over Intralot, a listed Greek company with operations in 53 countries.


The decision to fine Gidani an effective R7.5m was considered a slap on the wrist, by at least one board member with whom Media24 Investigations spoke, although other experts said it was fair.

Last week Gidani insisted the problem was not as serious as the recordings suggest, insisted it had been unfairly fined – and that its security systems had always been water-tight.

What made the breach even more shocking to the Board was the fact that two independent security audits – the first one done at the board’s insistence by auditing firm KPMG in 2008, and a second audit by an independent expert some months later – had shown vulnerabilities in the databases containing the prize winner data. The fraud had, therefore, been entirely avoidable.

After the breach, meetings reveal, Intralot brought in two technicians from Greece to restore security.

But before the breach was discovered the IT manager working for Intralot was able to steal a quarter of a million rand in unclaimed prizes between April and July 2009.

The employee faced criminal charges which are still pending.

This meant that someone with a winning ticket could have claimed a prize, only to be told it had already been claimed.

The breach was cryptically referred to in the Board’s 2011 annual report which said Gidani had received a R7.5m fine for “a contravention of […] the Licence Agreement”.

- Listen to the recordings

- Lotto tapes: Gidani responds

- Media24 Investigations
Read more on:    gidani  |  lotto

Join the conversation! encourages commentary submitted via MyNews24. Contributions of 200 words or more will be considered for publication.

We reserve editorial discretion to decide what will be published.
Read our comments policy for guidelines on contributions.
NEXT ON NEWS24X publishes all comments posted on articles provided that they adhere to our Comments Policy. Should you wish to report a comment for editorial review, please do so by clicking the 'Report Comment' button to the right of each comment.

Comment on this story
Comments have been closed for this article.

Inside News24

How much food do you need to concentrate?

We have been taught that we need three meals a day in order to make it through the day and while most of us indulge in more than our fair share there is a large portion of South Africans who are living off barely enough to sustain them.


Book flights

Compare, Book, Fly

Traffic Alerts
There are new stories on the homepage. Click here to see them.


Create Profile

Creating your profile will enable you to submit photos and stories to get published on News24.

Please provide a username for your profile page:

This username must be unique, cannot be edited and will be used in the URL to your profile page across the entire network.


Location Settings

News24 allows you to edit the display of certain components based on a location. If you wish to personalise the page based on your preferences, please select a location for each component and click "Submit" in order for the changes to take affect.

Facebook Sign-In

Hi News addict,

Join the News24 Community to be involved in breaking the news.

Log in with Facebook to comment and personalise news, weather and listings.