Written by: Chantelle Fraser – CEO of Dracore Data Sciences (Pty) Ltd
On the 17th of October while returning from a meeting in Centurion, I received a call from my office advising that Mr Tefo Mohapi made contact with one of my employees, Mr Adrian Hamel on our office number and on WhatsApp. The WhatsApp from Mr Tefo Mohapi said that he thinks our Go Vault Database has been hacked and all our records are available online.
In a further WhatsApp he says that “someone” just shared with him the database headers and say they have 30 million records. Upon his investigation and visiting www.whois.com he identifies that Mr Hano Jacobs owns the domain for www.govault.co.za
I confirm this is indeed true as Hano Jacobs and I were in 2013 exploring possible business avenues that involved software development. However we ended this exploration in early 2014 as we did not have the capacity or time to fulfil on our ideas.
On the 17th of October at 16h22, Mr Tefo Mohapi addressed an email to myself and asked the following;
On receipt of this email, I had arrived back at my office in Northriding, and immediately called my technical and operations team together and started our investigation and responded to Mr Tefo Mohapi’s email as follows.
Mr Tefo Mohapi replied as follows;
I had by this point due to the seriousness with which we take these allegations, referred the matters to our attorneys, Jordaan Attorneys and provided Mr Mohapi with their contact details so he could refer any further information to our legal team.
To answer his question for readers, there would be a strong resemblance between our database headers and the leaked data table naming conventions (Headers). The reason for this is that the data like Deeds Data comes in a certain format (Headers) and we have kept to the deeds office naming convention standard with regarding to the return fields. We have a number of additional fields that are not displayed and the field types are also different from the leaked data layout. This being said, you will pick up a strong resemblance across any data company in South Africa.
Despite our confirmation to Mr Tefo Mohapi that Dracore Data Sciences is not the source of the data leak, he published an article with a headline saying; Is Dracore Data Sciences Responsible for South Africa’s largest Ever Data Leak? Which was published on https://www.iafrikan.com/2017/10/18/dracore-data-sciences/
We then received an email from Mr Tefo Mohapi on the 18th of October providing us with an IP address and telling us to take this down immediately. This IP address is owned by Jigsaw Group and Dracore has no access to external companies databases and as such are not able to take down.
We then received further confirmation from a previous employee of Jigsaw that this IP address and database is in fact owned by Jigsaw.
I believe that Jigsaw Group is aware of this Data Leak and have their IT company which I also believe is called EPI-USE (not verified) investigating this matter.
The Linked Website to the IP address is as follows. The server setup on the “hacked site” is Apache where Dracore is IIS. Dracore also uses SQL server and not MySQL as per the data table provided by Mr Tefo Mohapi.
It is now the 18th of October, 12h45 and I have still not had access to this database or any evidence that Mr Tefo Mohapi has to allow him to publish and name Dracore Data Sciences in the press.
Mr Hano Jacobs then called and emailed Mr Tefo Mohapi at 09h59 on the 18th of October and advised him that the source of the data leak was due to a server comprise on a Jigsaw Holdings Server. Mr Tefo Mohapi then responded to say “ Thanks, I will update article and clarify with this information and that you did contact Michelle. Appreciated.
Is Jigsaw a Dracore client?”
In response to this, Dracore Investments (Pty) Ltd, a company that has been liquidated did indeed have an agreement in place with Jigsaw Proprietary Limited where we worked with them on a project to enrich their deeds database over a period of 6 months. This agreement started on the 3rd of July 2014 and came to an end 6 months later once the project was completed. It is standard practice that we will include such clauses in our agreements.
Mr Tefo Mohapi has since responded to our formal letter from Jordaan Attorneys and this is his response.
Today has been a really tough day for my team. I started my journey into entrepreneurship in 2013 and have always operated my business on the premise of integrity. We are a small business but already submitted our credit bureau application in October 2013 to The National Credit Regulator as we wanted to be able to ensure we were always compliant with the relevant legislation that impacts the way in which data has to be stored and managed. Why, because we wanted to ensure that we would be able to provide good quality data enrichment solutions to our clients now and into the future and earn the right to be known as a reputable and reliable business our clients could deal with.
We conclusively know that we are not the source of the data leak, however the damage of Mr Tefo Mohapi’s actions are far reaching and we will deal with every single response from the media .
Chantelle Fraser | CEO