Technology publication ‘MyBroadband’ claims that the personal information of South Africans who applied for home loans through major banks in the last ten years, was exposed through a security flaw.
MyBroadband says the exposed data includes identity documents, home loan application information and the property valuation.
However the company in charge of storing and securing the data on behalf of the banks, ‘E4’ says the personal information of applicants has not been breached.
Senior journalist at MyBroadband, Jan Vermeulen says, “We got information from a source that this was happening and so we investigated a bit more. We were shown evidence the security flaw in action and then you we were able to follow up with the company. They confirmed that there were security flaws in the application programming interface but said that there’s been no leak and no unauthorised person has gained access to the data to the best of their knowledge. I can’t just connect to the API and look for myself if they’ve fixed the issue but we will certainly follow up. The latest information we had received was in fact evidence that the API was still exposed.”