Quick Facts

• Over 369,600 South African accounts were breached in 2025
• POPI Act protects your rights over personal information
• Fines for data misuse can reach R10 million
• You can report violations to the Information Regulator
• Simple steps can greatly increase your online safety

1. What Is Personal Data?

Personal data is any information about you. This includes information that can identify you.

Your personal data includes:

• Your full name and ID number
• Your phone number and email address
• Your home address and work details
• Your bank account and credit card numbers
• Your fingerprints and photos
• Your medical records and health information
• Your social media accounts and posts
• Your online shopping history
• Your location data from your phone
• Your passwords and PINs

Under South African law (POPI Act), personal data also includes:

• Your race and language
• Your religion and beliefs
• Your pregnancy status
• Your sexual orientation
• Your education history
• Your employment records
• Your criminal history
• Any correspondence you send

2. Why You Must Protect Your Personal Data

Protecting your personal data is critical in 2025. South Africa has serious data security problems.

Here are the facts as of December 2025:

Security Threat	2025 Statistics
Accounts breached in 2025	369,600 South African accounts
Data breaches reported	2,374 in 2024/25 (198 per month)
Digital fraud attempts	52% of all cyber threats in SA
Annual cybercrime losses	R2.2 billion (US$118 million)
South Africans targeted by scams	59% received fraud attempts

What happens when your data is stolen:

• Identity theft: Criminals use your details to open accounts
• Bank fraud: Money stolen from your accounts
• Loan scams: Loans taken out in your name
• Tax problems: Fraudulent tax returns filed
• Credit damage: Your credit score drops
• Blackmail: Criminals threaten to expose your information
• Medical fraud: Health records misused

3. Your Rights Under the POPI Act

The Protection of Personal Information Act (POPI Act) protects you. It has been fully enforced since July 2021.

New regulations came into effect in April 2025. These give you more power over your data.

You have these legal rights:

Your Right	What This Means
Right to be notified	Companies must tell you when they collect your data
Right to access	You can request copies of your data
Right to correction	You can fix wrong information about you
Right to deletion	You can ask companies to delete your data
Right to object	You can say no to data processing
Right to stop marketing	You can refuse marketing calls and messages
Right to complain	You can report violations to the Information Regulator

What companies MUST do under POPI Act:

• Get your permission before collecting data
• Tell you what data they collect
• Explain why they need your data
• Keep your data safe and secure
• Only use data for the stated purpose
• Delete data when no longer needed
• Report data breaches to you and the regulator
• Pay fines up to R10 million if they break rules

⚠️ 4. Current Data Threats in South Africa (2025)

These are the biggest threats to your personal data. Be especially careful of these dangers.

1. Account Login Attacks (Highest Risk)

In 2025, 2.6% of account logins in SA are fraud attempts. Criminals steal passwords and take over accounts. This is four times more dangerous than signing up for new accounts.

2. Data Breaches at Companies

Major companies in SA have been hacked in 2025. When this happens, your personal data is stolen. Recent breaches affected Pam Golding Properties and Parliament’s social media accounts.

3. SIM Swap Fraud

Criminals get a new SIM card with your number. They receive your banking codes. They empty your accounts within hours.

4. Phishing Messages

Fake emails and SMS pretending to be from banks. They ask you to click links. The links steal your passwords and banking details.

5. Social Media Scams

Criminals create fake profiles using your photos. They contact your friends asking for money. They use your personal posts to answer security questions.

6. Public Wi-Fi Attacks

Hackers steal data when you use free Wi-Fi. They capture your passwords when you log into accounts. Never do banking on public Wi-Fi.

7. Malicious Apps

Fake apps that look real steal your data. They access your contacts, messages, and photos. Always download apps from official stores only.

🚨 5. Common Data Scams in South Africa

These scams target South Africans specifically. Learn to recognize them.

Remember: If it sounds too good to be true, it is a scam. No legitimate company asks for passwords or PINs.

✅ 6. How to Protect Your Personal Data

Follow these steps to keep your information safe. These are simple actions anyone can take.

Step 1: Create Strong Passwords

• Use at least 12 characters
• Mix uppercase and lowercase letters
• Include numbers and symbols (! @ # $ %)
• Never use your name, birthday, or ID number
• Use different passwords for different accounts
• Change passwords every 3-6 months

Step 2: Enable Two-Factor Authentication (2FA)

This adds a second lock to your accounts. Even if someone steals your password, they cannot access your account.

How 2FA works:

• You log in with your password (first step)
• You receive a code on your phone (second step)
• You enter the code to complete login
• Without both steps, no one can access your account

Turn on 2FA for:

• All banking apps (Capitec, FNB, Standard Bank, ABSA, Nedbank)
• Email accounts (Gmail, Outlook)
• Social media (Facebook, Instagram, WhatsApp)
• Online shopping accounts (Takealot, Makro)
• Government services (SARS eFiling, SASSA)

Step 3: Secure Your Mobile Phone

• Use a strong PIN or password (not 0000 or 1234)
• Enable fingerprint or face unlock
• Set auto-lock to 30 seconds or 1 minute
• Update your phone software regularly
• Only download apps from Google Play or App Store
• Check app permissions before installing
• Never share your phone’s unlock code

Step 4: Protect Against SIM Swap

• Add a SIM swap block with your mobile provider
• MTN: Dial *141# and select “Manage My Upgrades”
• Vodacom: Visit a store with your ID to add protection
• Cell C: Phone 084 135 or visit a store
• Telkom: Phone 081 180 or use the TelkomOne app
• Never share your SIM card serial number
• If you lose signal, immediately contact your bank and provider

Step 5: Be Careful With Emails and Messages

• Never click links in unexpected emails or SMS
• Check the sender’s email address carefully
• Banks never ask for passwords via email
• Hover over links to see where they really go
• If unsure, phone the company directly
• Delete suspicious messages immediately

Step 6: Use Public Wi-Fi Safely

• Never do banking on public Wi-Fi
• Avoid logging into important accounts
• Use your mobile data instead when possible
• Use a VPN app for extra protection
• Turn off Wi-Fi when not using it

Step 7: Monitor Your Accounts Regularly

• Check your bank statements weekly
• Report unknown transactions immediately
• Get a free credit report once a year
• Check for unauthorized accounts opened in your name
• Set up SMS alerts for all transactions

7. Social Media Privacy and Safety

What you share on social media can be used against you. Protect yourself with these settings.

Information Criminals Get From Social Media:

• Your birthday (used to guess passwords)
• Your mother’s maiden name (security question)
• Your first pet’s name (security question)
• Where you live and work
• When you’re away from home
• Your children’s names and schools
• Your daily routine and schedule

Facebook Privacy Settings:

• Go to Settings → Privacy
• Set “Who can see your future posts” to “Friends” only
• Limit past posts to friends only
• Turn off location services
• Don’t allow search engines to link to your profile
• Review who can see your friends list
• Control who can tag you in photos

WhatsApp Privacy Settings:

• Settings → Account → Privacy
• Set “Last Seen” to “My Contacts” or “Nobody”
• Set Profile Photo to “My Contacts”
• Set About to “My Contacts”
• Turn on two-step verification
• Enable security notifications
• Don’t auto-download files from unknown numbers

Instagram Privacy Settings:

• Settings → Privacy
• Make your account private
• Don’t show activity status
• Control who can comment on posts
• Turn off location services
• Review tagged photos before they appear

What NOT to Share on Social Media:

• Your full ID number or passport number
• Photos of your bank cards or documents
• Your exact home address
• When you’ll be away on holiday
• Your children’s school names
• Your daily schedule and routine
• Photos showing house layout or security
• Expensive items you’ve purchased

8. What to Do If Your Data Is Breached

Act fast if you discover your personal data has been stolen. Time is critical.

Immediate Actions (First 24 Hours):

How to Report POPI Act Violations:

If a company misused your data or failed to protect it:

What the Information Regulator Can Do:

• Investigate the company that breached your data
• Order the company to fix the problem
• Fine companies up to R10 million
• Refer cases for criminal prosecution
• Help you get compensation

Additional Reporting Contacts:

Organization	Contact Details	What They Help With
Banking Ombudsman	0860 800 900	Banking fraud and disputes
SABRIC	www.sabric.co.za	Banking scams and fraud
National Consumer Commission	0860 003 600	Consumer rights violations
SASSA Fraud Hotline	0800 60 10 11	Grant scams
Cybersecurity Hub	cybersecurity@dti.gov.za	Cyber crime incidents

Free Resources to Protect Yourself

Free Credit Reports (Once Per Year):

• You are entitled to one free credit report annually
• Check for unauthorized accounts or loans
• Contact TransUnion, Experian, XDS, or Compuscan
• Request your report in writing with ID copy

Free Security Apps:

• Google Authenticator (for 2FA codes)
• Microsoft Authenticator (for 2FA codes)
• Have I Been Pwned (check if email was breached)
• Find My Device (locate lost phone)

Free Online Safety Checks:

• Visit haveibeenpwned.com to check for data breaches
• Check CIPC website to verify company registration
• Use SAFPS website to check fraud alerts

Quick Reference: Red Flags to Watch For

Call or message is a SCAM if:

• They ask for your password or PIN
• They want you to pay money upfront
• They create urgency (“Act now or lose access!”)
• They threaten legal action
• The message contains spelling errors
• They send suspicious links
• They ask for remote access to your device
• The offer sounds too good to be true
• They claim to be from government but ask for payment
• They contact you about a problem you didn’t report

When in doubt, hang up and call the official number yourself. Better safe than sorry.

Protecting your personal data is essential in 2025. South Africa faces serious cyber threats. But you can protect yourself with simple steps.

Take these actions today:

• Enable two-factor authentication on all accounts
• Change weak passwords to strong ones
• Add SIM swap protection to your phone
• Review your social media privacy settings
• Check your bank statements weekly

Remember the golden rules:

• Never share passwords or PINs with anyone
• Banks never ask for this information
• If it sounds too good to be true, it is a scam
• Report suspicious activity immediately
• You have rights under the POPI Act – use them

The POPI Act protects you. Companies must keep your data safe. If they don’t, they face fines up to R10 million. Report violations to the Information Regulator.

Your personal information is valuable. Criminals want it. But with these protections, you can keep your data safe and secure.