This site uses cookies to provide you with a more responsive and personalized service. By using this site you agree to our use of cookies. Please read our cookie notice for more information on the cookies we use and how to delete or block them.

Bookmark Email Print this page

Identity theft - a major threat to individual, corporate and national reputations

Johannesburg, 31 October 2013 – Recent examples of identity theft have not only highlighted the apparent ease with which South African documents are falsified, causing reputational damage to the country, but also generally raised awareness internationally about the vulnerability of data containing sensitive information, says professional services firm, Deloitte.

Recent events that have focused adverse international attention on identity theft in South Africa have included the use of a false SA passport by Samantha Lewthwaite, a British citizen and widow of one of the so called 7/7 suicide bombers, who was reportedly involved in the Nairobi Westgate attack.

Another example was the imposition of visa requirements on South Africans by the UK, after it was found that about 6 000 illegal Asian immigrants had been smuggled into Britain using South African documents, says Bruce Thornton, Associate Director in Risk Advisory at Deloitte.

“These events focus attention on the growing incidence of ID theft across the world. A major focus is on the global data revolution and the fact that it is estimated that 90% of the data in the world today has been created within the last 24 months. Much of this data contains personal information, and carries the risk that this personal information can be obtained by unauthorised people who can use the information to the detriment of the legal owners.”

Incidents that have set international alarm bells ringing have included:

  • In 2010, a large multinational insurer stated that it had lost approximately 46 000 records containing customers’ personal information. It was later divulged that there was a South African connection as the security breach arose when customer information sent to a South African subsidiary company for processing, resulted in the loss of an unencrypted back-up tape during a routine transfer to a data storage centre. This breach resulted in the insurer receiving a hefty fine from the UK’s Financial Services Authority.
  • More recently, in October this year it was reported that Adobe had suffered a massive security breach which compromised the IDs, passwords, and credit card information of nearly three million customers.

“Personal information obtained illegally can be manipulated resulting in a devastating impact on unsuspecting individuals. Once in possession of a stolen ID document, criminals can use the acquired identity to gather or create additional information.”

“The growth in use of smartphones and the spread of programmes such as ‘Trojans’ into these devices have exacerbated the problem of identity theft. Our online lives has enabled easier illegal collation of our personal information to take place. Criminals armed with this information can create debt, make in-store or online card purchases and even obtain fraudulent passports without the knowledge of the person concerned.

“The bottom line is that stolen personal information has become a commodity. The  price of the stolen information increases based on the financial standing of the individual whose information has been stolen.

“With the increased online availability of stolen personal information there is also a commensurate increase in identity theft to enable buyers of such stolen data to fraudulently access the benefits associated with such stolen information.

“Although South Africa has not yet experienced a spike in hacking incidents linked to the theft of persona, some industry experts expect ID theft to surpass traditional theft due to the perceived anonymity associated with ID theft,” says Bruce Thornton.

The protection of personal information by entities is therefore set to play a critical role in the prevention of future ID theft.

In South Africa this concern has been reflected in the Protection of Personal Information Bill (POPI), which will soon be signed into law. This Bill seeks to support the right to privacy of personal information of South African citizens and, also protects personal information collected and processed by organisations.

The Bill requires a custodian of third party personal information to have adequate measures to secure the integrity of personal information from, amongst other things,theft, loss, damage, unauthorised destruction and unlawful access or processing of personal information. The Bill also requires custodians of this information to identify and constantly update safeguards against identified risks to personal information in their possession.

The holder of information is also required to ensure that, where there is reasonable suspicion that personal information has been accessed or acquired by an authorised person, the processing party must notify the regulators and the person whose personal information may have been subject to unauthorised access.

“The response to the challenge of identity theft has led directly to the highlighting of the need for improved security and the legislative responses of many international governments.

“However, reality dictates that as the world of technology leads to the further proliferation and distribution of personal information, further challenges will arise requiring innovative action to prevent the devastating effect that abuse of data can have on individuals and entities that are impacted  by this illegal activity,” says Bruce Thornton.

Last Updated: 

Contacts

Name:
Company:
Job Title:
Phone:
Email
Name:
Bruce Thornton
Company:
Deloitte & Touche
Job Title:
Associate Director, Risk Advisory, Forensics
Phone:
Email
bthornton@deloitte.co.za
Name:
Kerry Naidoo
Company:
Deloitte & Touche
Job Title:
Senior Manager: Communication
Phone:
Tel: +27 (0)11 209 8630
Email
kenaidoo@deloitte.co.za
Stay connected:

 

Material on this website is © 2014 Deloitte Global Services Limited, or a member firm of Deloitte Touche Tohmatsu Limited, or one of their affiliates. See Legal for copyright and other legal information.

Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee, and its network of member firms, each of which is a legally separate and independent entity. Please see www.deloitte.com/about for a detailed description of the legal structure of Deloitte Touche Tohmatsu Limited and its member firms.

Get connected
Share your comments

 

 

More on Deloitte
Learn about our site

  


Recently blogged