The City of Johannesburg (COJ) has announced it has officially opened a criminal case at the Hillbrow police station in the city after its online services system was apparently hacked.
The case was opened after a thorough forensic investigation by the city and its IT partner, says the statement.
"We would like to reassure all residents that the necessary legal and technical steps are being taken to prevent similar incidents in future and that our residents' confidential information is safe and secure."
Last week it was revealed that the online services system that allows residents to view their account statements online, also allows residents' names, addresses, account numbers, PIN codes and financial details to be available to anyone with an Internet connection. The flaw was revealed by CTO at Bid or Buy, Gerd Naschenweng.
The system is still inactive after the city took it down last week to fix the security flaw.
Director for applications at COJ Richard Nene initially explained that residents can register on the Web site to be able to view their account statements online. Residents access their statements by logging in with their account number and a PIN.
He said the security flaw allows a person to log in using his personal details, and then by changing the account number while staying logged in, being able to view other residents' statements.
However, on Thursday Nene refused to comment any further citing the legal proceedings now being undertaken.
It is unclear whether the legal steps taken by COJ are directly against Naschenweng, but on Thursday he had not yet been criminally charged. Naschenweng told ITWeb that COJ's claims that the incident was the result of a sophisticated hack are absolute rubbish. "I don't believe that I've done anything wrong. If they want to file criminal charges against me, they are welcome to. It is a pity they choose to embark on this witch-hunt, instead of just being transparent about this."
ITWeb has asked COJ why the initial security flaw is now regarded as a system breach, but has still not received a response.
Share