The DA has called for a Special Investigating Unit (SIU) probe into potential grant fraud at the SA Social Security Agency (Sassa), after a preliminary report presented to parliament revealed the agency’s ICT systems are vulnerable to attack on multiple fronts.
“An independent SIU investigation will bring transparency, restore public confidence and mend the reputation of the social assistance framework, which is at the very heart of the social contract bringing dignity to millions of South Africans,” said the DA’s Alexandra Abrahams.
Sassa is charged with disbursing an array of welfare grants to 18-million beneficiaries, while another 8-million people receive the R370-a-month social relief of distress (SRD) grant introduced in response to Covid-19.
Last month two first-year students from Stellenbosch University sounded the alarm about potential SRD grant fraud, after they discovered numerous applications had been made using individuals’ identity numbers without their knowledge.
After the students presented their findings to parliament’s portfolio committee on social development on October 23, social development minister Nokuzola Tolashe undertook to investigate the matter and report back to MPs within 30 days.
On Wednesday, the service provider appointed by her department, Peter Masegare & Associates, provided MPs with its preliminary findings. It flagged numerous weaknesses, including that multiple SRD grant applications could be made with the same phone number without additional checks, that two-factor authentication was not routinely used and that Sassa’s communications were not encrypted.
“There are significant threats that could potentially lead to unauthorised access, data breaches, service disruptions or reputational damage if vulnerabilities are exploited. Key areas of concern include the lack of encryption, unprotected back-up files and weak authentication policies,” said the firm’s Stanley Machote.
However, the report stopped short of providing details of whether fraud had indeed been perpetrated and, if so, how and on what scale. Nor did it shed any new light on how the personal details of millions of people could have been obtained and then used to apply for grants without their knowledge or consent, as alleged by the students.
The minister told MPs that her department had underestimated the task at hand and needed more time to determine whether fraud had occurred.
Abrahams said the DA had asked the public to share their experiences of alleged fraud and received more than 250 emails from people who said they had been locked out of social grants despite being eligible to receive them.
While Masagare & Associates’ investigation had focused on the SRD grant, it was possible that fraud was being perpetrated with the other grants administered by Sassa, she said. These include the child grant, old age pensions, disability grant, veterans grant and the foster child grant.
Cybersecurity firm ScaryByte technical director Abdul Kareem said if Sassa’s systems were vulnerable to attack it was likely its systems had already been breached. The probe into Sassa needed to include a digital forensic investigation and determine who had made queries on its system, he said.
Would you like to comment on this article?
Sign up (it's quick and free) or sign in now.
Please read our Comment Policy before commenting.