South African Utility Suffers Double Security Blow

Written by

South Africa’s largest electricity supplier has come under fire for apparently ignoring a serious leak of customer data.

Eskom, which claims to transmit and distribute 95% of the electricity used in the country, was called out earlier this week on Twitter by a frustrated security researcher.

“You don't respond to several disclosure emails, email from journalistic entities, or twitter DMs, but how about a public tweet?” said Devin Stokes. “This is going on for weeks here. You need to remove this data from the public view!”

The leaked data appears to include customer details including account IDs, meter information and payment details.

Only the last four digits of card numbers are visible, as are CVV numbers: certainly enough to launch convincing phishing attacks and follow-on fraud.

Unfortunately for the energy giant, which also claims to provide 45% of the electricity used in Africa, it also appears to have been hit with a seemingly unrelated malware infection.

Twitter user @sS55752750 claimed that one of the company’s user's machines was infected with a trojan, adding that “all her credentials were stolen.”

Although the utility firm initially claimed that the email address provided was “not a valid Eskom email address,” it subsequently changed its position.

“This has been investigated and the necessary actions have been taken. Thank you for bringing it to our attention,” the firm tweeted on Wednesday.

It remains to be seen what action is being taken to address the exposed database.

Paul Edon, senior director at Tripwire, argued that a company the size of Eskom should have better visibility into its systems and take a more proactive approach to security.

“There is a tendency for boardroom executives to operate with a reactive mindset, and although understandable, since attacks are difficult to visualize until they happen, it is still unacceptable,” he added. “With cybersecurity, it is critical that organizations get the basics right. Continuously monitoring the security of their infrastructure can go a long way towards preventing a successful attack or reducing the impact.”

What’s hot on Infosecurity Magazine?