Ashley Madison hack 'a lesson' for SA firms

Cape Town - The data dump by the hackers is a warning to South African firms on the importance of securing client information, says a local expert.

Hacker group The Impact Team stole over 30 million users' personal and financial information from the cheating website.

"In the case of the Ashley Madison website, it is interesting to note that the apparent driving factors for The Impact Team's hack are related to moral reasoning, where they are attempting to stand up against the use of the website which enables people in relationships to cheat on their partners," said Candice Sutherland, business development consultant at Stalker Hutchison Admiral Specialist Underwriters.

"The nightmare may not be over for the victims as the hackers still have over 290GB of photos and emails which are yet to be released," said Sutherland.

In Canada, Ashley Madison is already facing a $578m class action lawsuit over the breach.

If this breach had to happen to a South African company, Sutherland indicated that heavy fines could be imposed.

This is because local companies that fail to take adequate measures to protect client information on the internet could find themselves in breach of the Protection of Personal Information (Popi) Act.

"Popi aims to give effect to the constitutional right to privacy and therefore restricts the unauthorised access to information regarding the educational, medical, financial, criminal or employment history of an individual as well as their personal details such as ID numbers, contact details and physical addresses," Sutherland said.

"In addition, all personal details that are shared with an organisation in confidence, be it race, gender, marital status, religion, culture, sexual orientation and even language, are protected under Popi legislation and a breach of the act can result in a fine of up to R10m or 10 years in prison."

A regulator for Popi has yet to be appointed, but South African companies are still expected to toe the line.

Data loss protection

South African companies could also be particularly exposed if an Ashley Madison-style breach had to happen locally.

According to a report from security specialist firm Trustwave, only 38% of local companies said that they had organisational measures in place to prevent the loss of unauthorised data.

And in the event of a data breach, the risk is that few local organisations would even divulge data loss.

"In South Africa, no. Nobody's going out there to publicly announce that they had a data breach. That would be quite catastrophic for them. However, I do agree that there is a responsibility with that company to go through that process to notify you - not 32 days later," Andrew Kirkland, Trustwave regional director for Africa, told Fin24 recently in reference to a high-profile Sony attack.


- Follow Duncan on Twitter
