The hacker, who identifies themselves as MOE1, recently made the security advisory. This has been amid widespread criticism and opposition from South Africans to the toll road system in the country.
“If one has bought an e-tag and/or registered it with Sanral as a user, a number of your personal particulars are actually recorded in their systems. Anybody gaining access to that or multiple accounts is obviously going to have access to a whole lot of detail that you may have provided to Sanral,” Justice Project SA chairperson Howard Dembovsky told CNBC Africa.
“Some people may have additionally added their banking details to that, some people may not have. The fact is that there’s a different level of prejudice that gets suffered by people depending on the amount of information to have actually shared with Sanral.”
Dembovsky explained that there was unfortunately no recourse at the moment for such infringements, as it is a violation of Electronic Communications and Transactions Act. He added that a service provider is in fact obliged to keep a customer’s personal particulars quiet.
“The Protection of Information Act was also signed into law towards the end of last year, but its commencement has not come into play yet. Had it been commenced, then Sanral would find itself in some very hot water and facing criminal charges,” said Dembovsky.
“The fact is they need to take serious and urgent action to make sure that their users’ details are 100 per cent secure from hacker access.”
Bodies such as the Justice Project SA would be able to assist clients in approaching attorneys to take legal action against Sanral for not keeping their personal particulars securely.
“The prejudice that gets suffered could possible lead to civil claims as well as criminal charges against Sanral,” said Dembovsky.