Dear valued Customer,

Customer notification of a security compromise in terms of section 22 of the Protection of
Personal Information Act 4 of 2013 (POPIA)

We regret to inform you of a limited data breach involving your personal information.


In line with our commitment to data protection and our obligations under POPIA, we have promptly
brought this matter to your attention.


We can assure you that, for the most part, your data remains secure, and we have taken immediate
action to address the situation.


This letter is to inform you that on Thursday evening, 26 June 2025, we were notified by one of our
customers that through a specific URL in the Herotel customer end-user portal, they were accidentally
able to view your personal details and those of 2 other customers.


The data accessed may have included the following types of personal information:

• Your Name

• Address

• Contact Details (phone number and email address)

• Herotel account number

• Herotel product details

• Easypay reference number


The identity of the unauthorised person who may have accessed or acquired the personal information
is: Afikile Masembeni, one of our prepaid customers.


As a result of this breach, below are description(s) of the possible consequence(s) of the security
compromise:

• If your personal details are abused, you may be at a heightened risk of identity theft.

We are doing the following to address the security compromise:

• Our team immediately investigated this incident and identified the vulnerability.
• Whilst the team was working on a fix, they took down the Customer portal.
• A software fix was developed and successfully deployed the same evening.
• We have requested the unauthorised person to delete all private information collected.

As per best practice industry standards, we recommend that you do the following:

• Change your password to a strong, unique one that you have not used before.
• Be extra vigilant when dealing with suspicious emails or unsolicited phone calls.
• You may wish to familiarise yourself with tips to prevent fraud. The South African Fraud
Prevention Service (https://www.safps.org.za/) is a useful source of information in that regard.
• Register your Names and ID numbers with the South African Fraud Prevention Service at 011
8672234 to be added to their database. This prevents unauthorized credit applications in your
name without the provided SAFPS letter by yourself.

We have also notified the Information Regulator of the incident, as per the requirements of section
22(1) of POPIA.

If you have questions regarding this notification, please contact our Information Officer at
[email protected]

We greatly value your trust, and we are wholeheartedly committed to ensuring the security of your
data.


Sincerely,
Imel Rautenbach
Information Officer