On 24 May 2018 iAfrikan broke a story after our investigations led us to a publicly available database containing just under 1 million personal records of South African drivers who used the Viewfines website to pay for their traffic fines. Following this, we made a submission to the Information Regulator (South Africa) after we could trace that the database leak was as a result of negligence.
Today, 28 May 2019, the Information Regulator has communicated to iAfrikan that they will be closing their file on the case as the owners of the website have since notified all registered users of the leak and have since shutdown the website with no intention to bring it back up.
"All registered users where notified about the breach by an email sent to the email address that was registered to the ID number on Monday 28 May 2018. The website has been removed and will not be brought back online, all personal information was deleted from the database," reads a message that Stephen Birkholtz, Operations Manager at Aggregated Payment Systems (Pty) Ltd - the company that owned the Viewfines website - sent to the Information Regulator.
At the time of discovering the database in 2018, it was interesting to further discover that it contained national identity numbers for all ViewFines registered users, their passwords for the ViewFines website which were shockingly stored stored in plaintext.
The database contains columns for the following, among others:
- Unique ID - system generated ID
- ID Number - 13 digit South African National ID number
- Full Names
- Mobile Number
- Total amount of outstanding traffic fines
- E-mail address
- Password - ViewFines.co.za password stored in plaintext.
It goes without saying that such information would allow anyone with access to the leaked database to obtain further personal data of the users including among others their vehicles and traffic fines information. This also further meant if someone who obtained the database was criminally inclined, the could go on and commit identity crimes and impersonate the users.
With the Information Regulator closing their file on the Viewfines case, it is sensible to assume that no further action will be taken against the company or its directors, despite them putting many South Africans in potential danger of identity theft.