The Independent Communications Authority of SA (ICASA) has admitted to a flaw on its Web site that allowed complainants to view each other's information.
The authority says it takes responsibility of all complaints lodged by consumers through its Web site.
It engaged its service provider to investigate the glitch, which was highlighted by one of the consumers who alleged that complaints lodged through the ICASA Web site can be viewed by other complainants by simply changing the number on the return link and refreshing that link.
“The service provider confirmed that this is indeed a problem as it was possible for someone to change the file reference number and then be able to view someone else's information.”
ICASA stresses that no information is intentionally leaked by the authority and says access to the data was very limited.
“Of note is that the Web site does not request bank account details. However, the problem was identified and the feature was immediately disabled.”
The complaints Web page will now be enhanced to advise the complainant against sending any personal or financial information to ICASA as part of any complaint procedure, says the authority.
It adds that other corrective measures taken as a result of the problem include it resolving to expedite the procurement of an SSL certificate for its Web site.
An SSL is a security certificate similar to those used by financial institutions and will enhance the security of the site and encrypt the data.
ICASA says a meeting was scheduled with the service provider to discuss the problem and identify steps to ensure this does not recur.
“Parts of the discussion were safeguards on the ICASA Web site to avoid the site from being hacked. The authority would like to reiterate its commitment to ensuring that all complaints are treated with the strictest confidentiality.”
Share
