Cape Town – Australian security researcher and creator of ‘Have I Been Pwned’, Troy Hunt reported to twitter that the personal information of more than 30 million South Africans has apparently been leaked online.

He took to Twitter and said, he had “a very large breach titled ‘masterdeeds’”.  The title of the data led him and other commentators to speculate that the leak could potentially be from the deeds office.

If the information Hunt has is legitimate, it may be the biggest breach of Popi (Protection of Personal Information Act) to have ever taken place. Hunt said the database contained names of people, their gender, ethnicity, home ownership and contact information.

The data also contained people’s identity numbers and other information like their estimated income and details of their employer. He said the information appeared to be from a government agency.

MyBroadband reported that the database was a 27.2GB backup file that Hunt found on Torrent and he gained 31.6 million records before it crashed. He said there could be over 47 million records in the database.

South Africans replying to Hunt’s tweets wondered if the information could also come from other databases, like those a bank would have.

Many were concerned that their personal information formed part of the breach. It was not clear how old the information was as some commentators said that the database appeared to be from “ancient Java” which was last updated in 2009. The possibilities may be that the database that was being used by the agency the information had been taken from was not up to date.