The Independent Communications Authority of South Africa (ICASA) took it upon itself to engage the service provider for investigation of the complaint lodged by one of the consumers who alleged that complaints lodged through the ICASA website can be viewed by other complainants by simply changing the number on the return link and refreshing that link.
The service provider confirmed that this is indeed a problem as it was possible for someone to change the file reference number and then be able to view someone else’s information. Whilst no information is intentionally leaked by the Authority, access to the data was in fact very limited. Of note is that the website does not request bank account details as purported by complainant. However, this problem was identified and the feature was immediately disabled.
For this reason the following corrective actions were taken, among others:
The complaints webpage will be enhanced to advise the complainant against sending any personal or financial information to ICASA as part of any complaint procedure. The Authority has resolved to expedite the procurement of an SSL certificate for the ICASA website. This is a security certificate similar to those used by financial institutions and it will enhance the security and also encrypt the data. A meeting was scheduled with the service provider to discuss this problem and identify steps to ensure this does not reoccur. Parts of the discussion were safeguards on the ICASA website to avoid the site from being hacked.
The Authority would like to reiterate its commitment to ensuring that all complaints are treated with the strictest confidentiality.
Enquiries:
Paseka Maleka
Tel: 011 566 3455
Cell: 079 509 0702
E-mail: pmaleka@icasa.org.za
The Independent Communications Authority of South Africa (ICASA) takes responsibility of all complaints lodged by consumers through its website
