The South African Police Service (SAPS) has downplayed the magnitude of a recent Web site breach that resulted in the publication of personal information belonging to about 16 000 whistle-blowers.
Names, telephone numbers, e-mail addresses and identity numbers of thousands of individuals who submitted information via the SAPS's Web site were mined and published on bulletproof sites last week.
The hacker - believed to be associated with hacktivism group Anonymous - is said to have performed a data dump on Friday, after downloading details from the SAPS Web site's e-mail server.
No compromise
The SAPS was informed by the State Information Technology Agency (SITA), which hosts the Web site, on Tuesday that information had been unlawfully obtained.
While security experts say the breach boils down to inadequate cyber security measures on the SAPS Web site and could have been avoided, the police said yesterday that SITA's remote site management means no sensitive information was compromised.
"SITA hosts and manages the Web site of the SAPS separately from the rest of the corporate systems of the SAPS. For this reason, no criminal information or case information was compromised at all."
The SAPS adds its corporate systems are hosted in a Pretoria CBD building, while the service's Web site is hosted in SITA's Centurion-based data centre. "They are, therefore, hosted in completely different buildings with no link between the two."
"The SAPS can state that no case information or classified information was compromised as this information resides in the mainframe systems of the SAPS, which is hosted separately from the Web site.
"The SAPS has made a facility available on the Web site where a person may log a request to be addressed by a specific station or division, or merely give a compliment. The person may log the request either with a name and contact detail, or anonymously, depending on his/her choice. The persons who submitted their names and contact details made it available in order for a representative of the SAPS to contact them. This list was also available for the people who hacked into the Web site.
"Furthermore, the information that was accessed was information that is published usually, and names and contact details of divisions and provinces, which is made public on the Web site in any case."
However, SITA has conceded the breach was due to an oversight on its part and says it has "since addressed the security on the details".
The police say the Web site will always be targeted by the hacker community. However, the SAPS states that, due to the Web site set up, "no corporate information of the SAPS will be compromised if and when the Web site is accessed unlawfully".
Share