- Herotel

Dear valued Customer,

NOTIFICATION OF A SECURITY COMPROMISE IN TERMS OF SECTION 22 OF THE PROTECTION OF PERSONAL INFORMATION ACT, 4 OF 2013

We hope this message finds you well. We’re writing to inform you about an recent incident that occurred; one that requires your attention but without causing undue concern.

Through engaging with us (Hero Telecoms (Pty) Ltd) (“Herotel”/us/our/we”) as your internet service provider, you entrusted us with some personal information as per the Protection of Personal Information Act No. 4 of 2013 (referred to as “POPIA”). As part of our service, we obtained your consent through the Master Service Terms, to share this information with third party processing agents, such as Netcash (Pty) Ltd (“Netcash”).

Netcash (the Operator in terms of POPIA) plays an important role as a 3rd party payment service provider for Herotel (the Responsible Party), managing debit order processing on our behalf.

Even though we have strict security measures in place, we have reason to believe there was a security incident at Netcash, potentially involving personal information being accessed by an unauthorised third party, and as such we want to provide you with the available information so you can take necessary precautions.

Here are the key details:

On August 21, 2023, a Netcash employee, handling a debit order query with us, accidentally sent a debit order batch file to Pienaar Partners t/a Mellin I Style Optometrists (“Pienaar Partners”), thinking that she was dealing with us.
The mistake was recognized by the employee the next day and immediately reported to Netcash’s Management, who contacted Pienaar Partners on the same day, requesting the immediate destruction of the email and its attachment.
Pienaar Partners confirmed on August 23, 2023, that the email was unopened, and they had deleted it, successfully containing the situation.
The incident resulted from an unfortunate human error on the part of Netcash’s employee.
The unauthorized party who received the email with the debit order batch file, and who we are obliged to notify you of in terms of POPI, is identified as Ms. Brenda McPherson, a bookkeeper at Pienaar Partners.

The personal information that may have been accessed includes:

One debit order batch report in CSV format.
The number of Data subjects affected are 1,007 individuals and 45 legal entities.
Banking account numbers, bank branch numbers, debit order amounts, and account holder names.

To address this situation and protect your personal information further, Netcash has taken the following actions:

Confirmed destruction of the email containing your information with Pienaar Partners.
Gathered information relating to the incident, with the purpose of pursuing appropriate disciplinary measures regarding the involved employee.
Instituted a secure document sharing policy and training, including password protection.
Scheduled additional POPIA training for staff to prevent future breaches.

While there’s a possibility that this incident could lead to the sale of your data or attempts at fraud, we want to reassure you that your security is a priority for us. To further mitigate potential risks, we recommend the following steps:

Register your Names and ID numbers with the South African Fraud Prevention Service at 011 867 2234 to be added to their database. This prevents unauthorized credit applications in your name without the provided SAFPS letter by yourself.
Stay vigilant and promptly report any suspicious activity on your bank account to your bank or relevant authorities.
Change your online bank account password(s) for the affected accounts, as a precaution.

Should you have any questions or concerns about this incident, please reach out to the writer at [email protected] or contact our Legal Officer, Reitz Krige, at 021 300 0142.

Your trust in Herotel is of utmost importance to us, and we are committed to ensuring your data remains secure. We apologize for any inconvenience this may have caused and thank you for your continued support.

Sincerely,

Imel Rautenbach
Information Officer

Cookie	Duration	Description
Client Address	Session	This is a session cookie that stores the address you searched for, for the duration of you site visit.
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-advertisement	1 year	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Advertisement".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
heroteladcampaign10	1 month	No description
Lat Long Results	Session	This is a session cookie that stores the lat / long results of the address you searched for, for the duration of you site visit.
PHPSESSID	session	This cookie is native to PHP applications. The cookie is used to store and identify a users' unique session ID for the purpose of managing user session on the website. The cookie is a session cookies and is deleted when all the browser windows are closed.
Result	Session	This is a session cookie that stores the product results based on the address you searched for, for the duration of you site visit.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_ga	2 years	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.
_gat_UA-139920703-6	1 minute	This is a pattern type cookie set by Google Analytics, where the pattern element on the name contains the unique identity number of the account or website it relates to. It appears to be a variation of the _gat cookie which is used to limit the amount of data recorded by Google on high traffic volume websites.
_gcl_au	3 months	This cookie is used by Google Analytics to understand user interaction with the website.
_gid	1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visted in an anonymous form.

Cookie	Duration	Description
_fbp	3 months	This cookie is set by Facebook to deliver advertisement when they are on Facebook or a digital platform powered by Facebook advertising after visiting this website.
fr	3 months	The cookie is set by Facebook to show relevant advertisments to the users and measure and improve the advertisements. The cookie also tracks the behavior of the user across the web on sites that have Facebook pixel or Facebook social plugin.
IDE	1 year 24 days	Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
test_cookie	15 minutes	This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website.
YSC	session	This cookies is set by Youtube and is used to track the views of embedded videos.

Cookie	Duration	Description
CONSENT	16 years 6 months 13 days 10 hours	No description
yt-remote-connected-devices	never	No description available.
yt-remote-device-id	never	No description available.