The Hawks' cybercrime unit is working with the State Security Agency (SSA) to investigate reports of a major data leak that is said to affect almost a million South African drivers who used a local website, ViewFines, to check for traffic fines.
The operations manager of the company which owns the website, has also confirmed they are "implementing security measures immediately" to improve the website after being informed about the breach.
The personal records of more than 934 000 people, including their ID numbers, were apparently leaked online, according to a website by Troy Hunt, Australian security researcher and creator of the free service Have I Been Pwned.
His website allows people to check if their personal information has been compromised in a data breach.
He worked with iAfrikan to locate the source of the data.
Hawks spokesperson, Brigadier Hangwani Mulaudzi, said on Thursday evening that they picked up the issue on Wednesday and had already done a preliminary investigation, although they could not confirm anything yet.
He said investigators were meeting with the SSA on Friday to determine what had transpired, how it happened and who was responsible.
The ViewFines website describes itself as a free service to the public to access all outstanding offences issued by its listed municipalities, which were registered against ID numbers.
"The registration provides you absolute security, and access is only allowed by ID and your personal password. No other member of the public can access your outstanding offence information," the website states.
But iAfrikan reported that the user passwords for the ViewFines website were stored in plaintext.
Aggregated Payment System (Pty) Ltd (APS), which owns ViewFines, lists on its LinkedIn profile the major services providers it is contracted with, including First National Bank, ABSA, Standard Bank and the SA Post Office.
APS operations manager Stephen Birkholtz told News24 that they started investigating on Thursday morning after they were informed about a breach.
He said the ViewFines website has always had an SSL certificate, which enables encrypted communication, from inception.
"Our certificate was expiring in July and we installed a new one on the 8th [of] May," he said in response to emailed questions.
According to Hunt's investigation, however, the certificate that was issued on May 8 was revoked three days later and the reason stated was 'cessationOfOperation'.
When asked why passwords were stored in plain text, Birkholtz said: "When the website was designed in 2006, the security was sufficient."
"As soon as we realised that there might [have] been a leak, all passwords on the system were changed. We are also busy with the encryption on all passwords."
He said the website was still operational.
"There are no credit card, bank details or addresses stored on www.viewfines.co.za as we do not do any payments. We only inform the public of where they can pay their traffic fines."