ICASA website faulty
Following complaints that consumer complaints lodged on the website were publicly available – the Independent Communications Authority of South Africa (ICASA) says it is fixing the faults.
The regulator says that its service provider investigated the claims and confirmed that it was possible for someone to change the file reference number and then be able to view someone else’s information.
“Whilst no information is intentionally leaked by the Authority, access to the data was in fact very limited. Of note is that the website does not request bank account details as purported by complainant. However, this problem was identified and the feature was immediately disabled,” ICASA explained.
According to a consumer, complaints lodged through the ICASA website could be viewed by other complainants by simply changing the number on the return link and refreshing that link.
The regulator says several corrective actions were taken – including enhancements to the complaints webpage to advise the complainant against sending any personal or financial information to ICASA as part of any complaint procedure.
ICASA also says it has resolved to expedite the procurement of an SSL certificate for the website – in an attempt to enhance security and encrypt data.
“A meeting was scheduled with the service provider to discuss this problem and identify steps to ensure this does not reoccur. Parts of the discussion were safeguards on the ICASA website to avoid the site from being hacked,” says ICASA.