The City of Joburg (COJ) has taken down its online services system, after reports surfaced yesterday of a security flaw that may have compromised ratepayer information.
Media reports revealed the online services system that allows residents to view their account statements online, also allows residents' names, addresses, account numbers, PIN codes and financial details to be available to anyone with an Internet connection.
Director for applications at COJ, Richard Nene, has confirmed this is indeed the case, but says the city only realised this when it was pointed out to the media by a resident yesterday. "It is actually a good thing that this was highlighted to show we have to bring in another security parameter to make people's information secure."
He explains that residents can register on the Web site to be able to view their account statements online. Residents access their statements by logging in with their account number and a PIN. Nene says the security flaw allows a person to log in using his personal details, and then by changing the account number while staying logged in, being able to view other residents' statements.
He says the COJ will undoubtedly remove PIN numbers from the statements, ensuring that even if a resident's account is accessed, his or her PIN is still hidden. The city will also fix the security flaw before putting the system back up.
He was unable to confirm when the system will be accessible again, but says the city will issue a statement on the matter as soon as the system is up and running.
Nene was unable to confirm whether any residents' information has been taken from the system for malicious intent. He believes, however, that the person who discovered the flaw in the system is someone with some IT knowledge and was, therefore, able to detect the error.
An Ekurhuleni resident has reportedly said the same vulnerability exists in the Ekurhuleni Municipality's online system. Ekurhuleni spokesperson Sam Modiba told ITWeb the municipality is unaware of any security flaws in its system, but says its IT department will check if such a flaw exists.
COJ has come under fire this week, with commentators saying its proposed plan to send 700 000 bills via MMS every month is another billing crisis in the making, as its core database is inaccurate and flawed.
The inaccuracies in the city's database were highlighted earlier this month when the city apologised to the Mandela family after confirming a pre-termination notice was incorrectly delivered.
Share