Home > Industry News > Eskom exposes customer data

Eskom exposes customer data

07.02.2019

Eskom, a South African largest electricity public utility, has been keeping customer data exposed for a few weeks. The company, which generates more than 90% of local electricity and almost half of the electricity used in Africa, was asked to “remove this data from the public view” by Devin Stokes, a security researcher, but the representatives would not fix the bug.

Stokes has detected a vulnerability in the company’s system. The reason for the leak and the way the data could be accessed haven’t been cleared up yet.

Stokes posted two sequential screenshots. The second one revealed that not only account IDs and meter details were compromised, but financial data of clients, full names, partial card numbers and security codes were breached as well.
The number of those affected hasn’t been sounded off yet, although it is known that Eskom provides services to almost 6 million customers in South Africa.
The researcher has pointed out a possible issue claiming that the database lacked a password.

Eskom has recently been warned about a Trojan on one of their corporate assets which had invaded the network as a fake The Sims 4 installer.

SearchInform DLP

SearchInform Risk Monitor

Cloud solutions

SearchInform ProfileCenter

SearchInform FileAuditor

SearchInform SIEM

TimeInformer

Services

SearchInform for MSSP

How to max out SearchInform services

Challenges

Roles

Industries

Saudi Arabian Monetary Authority

GDPR compliance with SearchInform

Personal Data Protection Bill

White Papers

Third-party integration

Research

How to

Practices and use cases

Videos

Eskom exposes customer data