South Africa’s new traffic fine system exposed personal data
Jan Vermeulen reports:
An online interface set up for the Administrative Adjudication of Road Traffic Offences (Aarto) system exposed the personal information of every South African who received an infringement notice under the new law.
Personal data contained in the leak included full names, ID numbers, residential or business addresses, phone numbers, vehicle registration information, and infringement details.
An anonymous security researcher who is a regular user of the system informed MyBroadband about the data leak.
Read more at MyBroadband.
Of special note: the chilling effects of laws that do not recognize responsible disclosure as a defense against charges of criminal conduct:
They did not wish to approach the Aarto system operator directly, because the researcher was concerned that the new Cybercrimes Act and Protection of Personal Information Act could be used to prosecute them, despite their good intentions.