Heads Up: UIF Covid-19 Relief Scheme Website is Hit by a Data Leak

11 Jun

With identity theft and fraud on the rise, no one really wants any of their personal information “out there” in the public eye. Unfortunately, people who have made use of the government’s UIF Temporary Employer-Employee COVID-19 Relief Scheme during Covid-19 times, are now faced with the risk of having their personal details used against them.

The Vulnerability on the UIF Website

As it turns out, while the government was busy focusing on getting funding to its people, opportunistic criminals were provided with an open door to the UIF reference numbers and total payout amounts of each individual paid out. The real danger comes in where criminals can write scripts to extract the amount paid to each individual and on what date.

UIF’s Turnaround Efforts

Security researchers recently reported the problem to the UIF and they have made efforts to thwart the attempts of online criminals by removing the UIF reference numbers from the downloadable list and featuring a security CAPTCHA on the page. However, one can still look up a person’s UIF payout details if they have the individual’s ID number. One has to wonder how secure that is, especially when you realise that the UIF website doesn’t require an individual to register an account on the website or login, in order to see these details.

Official UIF & Ministry of Labour Response

When industry professionals reached out to the Ministry of Labour regarding the data break and security issue, they directed them to speak with UIF representatives instead. In the meantime, the UIF has not responded to requests for comments and feedback.

Last Word

As the UIF remains silent on the matter, it is in the best interests of citizens to know the risks that they face as beneficiaries of the new Temporary Employer-Employee Relief Scheme.

Want to start protecting your personal data a bit better? Take a look at the security features offered for small to medium businesses with data encrypted online backup at Soteria.

Comments are closed.