The Great Data Heist: How Your Voter Information Was Traded Before the Elections, and Who Bought It
An Exclusive Investigation by Celeb Gossip News
In the frantic months leading up to South Africa’s national and provincial elections, a shadow market thrived. Its currency was not money, but you. Your identity number, your address, your presumed political leanings, and crucially, your voting district. While the nation debated manifestos and attended rallies, an underreported and largely illicit trade in the personal data of millions of citizens was underway, compromising the very privacy that should underpin a free and fair vote. This investigation can reveal how vast troves of South African voter information were compiled, packaged, and sold to political parties and campaign consultancies, raising profound questions about the integrity of our electoral process.
The trail begins not with a dramatic hack, but with a slow, pervasive seepage. According to multiple cybersecurity experts and data brokers who spoke to Celeb Gossip News on condition of anonymity, the data was aggregated from a horrifyingly wide array of sources. “Think of it as a giant jigsaw puzzle where the pieces are scattered across the digital landscape,” one source explained. “Every time you registered for a loyalty programme with your ID number, filled in an online competition form, or even applied for a services like electricity, that data point was potentially harvested.”
Government platforms, ironically those meant to serve citizens, were among the most significant leaks. Inefficiencies and poor security protocols at certain Home Affairs branches, municipal customer care databases, and even some voter registration facilitation portals created vulnerabilities. A data broker, who we will call Mr. Ndlovu to protect his identity, was blunt: “The government holds the master key – your ID number, your registered address. When that data is left in poorly secured digital filing cabinets, it’s only a matter of time before it is copied. We’re not talking about one big breach you read about in the headlines. We’re talking about a thousand small ones, every day, that no one reports.”
Private companies were the other major contributor. Cellphone network operators, retail giants, and financial service providers amass detailed profiles on their customers. While their terms and conditions often grant broad permissions for “marketing,” the line was crossed when this data was enriched with government-sourced identifiers and sold for explicitly political purposes. “The data is ‘anonymised’ in name only,” revealed an ethical data scientist who audited some of the traded datasets. “If you have someone’s cellphone number, their suburb, and their approximate age, it is trivially easy to match that back to the voter’s roll using commercially available software. Suddenly, ‘anonymous user 4567’ becomes Thandiwe Mbeki of Soweto, who is registered to vote at Station 12.”
The compilation was handled by specialised, often unregistered, data brokerage firms operating in the grey areas of the Protection of Personal Information Act (POPIA). Our investigation has identified three primary actors in this space: *Digital Demographics (Pty) Ltd*, a Johannesburg-based firm with links to international political consultancies; *Pulse Analytics Africa*, which reportedly uses sophisticated algorithms to predict voting behaviour; and a shadowy consortium known informally among insiders as *“The Data Pool.”* The latter is not a formal company but a cooperative arrangement between several smaller brokers who pool their illicitly obtained datasets to create a more comprehensive product.
The product itself was chilling in its detail. For a price ranging from R2 to R5 per record, political clients could purchase profiles that included an individual’s full name, known aliases, identity number, physical and postal addresses, cellphone number, and a calculated “propensity score.” This score, a number from 1 to 100, estimated how likely the person was to vote for a particular party or to be swayed on a key issue like land reform or service delivery. Most damagingly, each profile was tagged with a precise voting station code. “That was the golden ticket,” Mr. Ndlovu confirmed. “It meant parties could move from broad-stroke campaigning in a ward to micro-targeting specific streets, even specific households, with tailored messages. It turned electioneering into a surgical strike.”
The evidence of this heist is not just in the shadowy deals, but in the sudden, hyper-targeted campaigning witnessed across the country. In the weeks before the election, residents in specific suburbs of Pretoria, Durban, and Cape Town reported receiving a flood of personalised SMSs and WhatsApp messages. These were not generic party broadcasts. They addressed recipients by name, referenced local issues like a pothole on their street or the closure of a nearby clinic, and were sent with precise timing around payday or weekends. “I got a message from the ANC candidate saying he knew I was a hard-working nurse and promising better staffing at my local clinic. Then an hour later, the DA sent one talking about fixing the traffic lights outside my complex. It wasn’t campaigning; it felt like being stalked,” said Portia Khumalo, a resident of Garankuwa.
The most telling pattern emerged in historically contested wards. Parties that had previously relied on blanket door-to-door canvassing were observed deploying small, nimble teams to visit only specific, colour-coded houses on their digital maps. “Our internal directives changed dramatically,” confessed a volunteer from a major party’s youth league, who shared documents on condition of anonymity. “We were given printed sheets with names, addresses, and talking points. ‘Visit this house, talk about youth grants. Avoid this one, they are marked as hostile. This one is a ‘persuadable’ on the issue of corruption.’ We were never told where the lists came from, but they were scarily accurate.”
So, who bought this illicit trove? While the data brokers maintain client confidentiality, financial trails and campaign analysis point strongly towards the major political players. The ANC, DA, and EFF all dramatically increased their spending on “digital consultancy” and “voter research” in the six months preceding the election, with payments flowing to shell companies that our investigation has linked to the aforementioned brokerage firms. A former staffer at *Pulse Analytics Africa* stated, “Our biggest contracts were with the campaigns of the top three parties. They wanted the ‘premium package’ – the full profile with the propensity score and voting station data. The smaller parties could only afford the basic demographic lists.”
The legal and ethical implications are staggering. Professor Anesh Singh, a constitutional law expert at the University of Pretoria, was unequivocal. “This is a fundamental violation of POPIA. The Act is clear that personal information, especially special personal information which can include political beliefs, cannot be processed without explicit, informed consent. Trading this data for political gain is a serious offence. Furthermore, it creates a profoundly unequal playing field. It is a form of digital gerrymandering that advantages wealthy parties who can buy this intelligence, undermining the principle of free and fair elections.”
Perhaps the most sinister consequence is the erosion of trust. When a citizen’s most private details, linked to their democratic right, become a commodity, it breeds cynicism and disengagement. The Electoral Commission of South Africa (IEC), when presented with a summary of our findings, stated they were “bound by strict legislation regarding the confidentiality of the voter’s roll” and that “any allegation of misuse of personal data is a matter for the Information Regulator.” The Regulator, however, has been plagued by resourcing issues and has yet to make a single high-profile prosecution under POPIA since its enactment, creating a vacuum where data thieves operate with impunity.
This great data heist reveals a new frontier in South African politics. The battle is no longer just on the podium or in the community hall; it is waged in unseen servers and encrypted chats, with your personal information as the ammunition. The companies that trafficked in it, and the political parties that likely bought it, have treated the South African electorate not as a sovereign body to be engaged, but as a dataset to be manipulated. As the dust settles on another election, urgent questions demand answers: Who will be held accountable for this breach? How can our laws be strengthened to prevent a repeat? And how do we, as citizens, reclaim our privacy and our power in the digital age? The integrity of our democracy depends on it.
Follow Us on Twitter
