hustler.co.za

Breach Response Plan

Last updated: 7 April 2026

1. Purpose

This plan outlines how Tapnet Solutions (Pty) Ltd ("Tapnet") responds to security compromises affecting personal information processed through hustler.co.za and all other websites, applications, and digital services operated by Tapnet, in compliance with POPIA Section 22 (Notification of Security Compromises).

2. Definition of a Breach

A "security compromise" (data breach) under POPIA means there are reasonable grounds to believe that personal information has been accessed or acquired by an unauthorised person. This includes:

  • Unauthorised access to the database or user accounts
  • Accidental exposure of personal information (e.g., data visible to wrong users)
  • Loss or theft of devices containing personal information
  • Successful phishing, social engineering, or credential theft
  • Ransomware or malware affecting systems that store personal information
  • A third-party operator (Neon, Vercel, Resend, etc.) notifying us of a breach on their end

3. Response Team

Given our current size, the response team consists of:

  • Information Officer (Lead): Wynand de Beer — responsible for all decisions, notifications, and coordination
  • Technical response: Platform developer(s) — responsible for containment and remediation

As the company grows, this team will be expanded to include dedicated security and legal personnel.

4. Response Procedure

Step 1: Identify and Contain (within 1 hour)

  1. Confirm the breach is real (not a false positive)
  2. Determine the scope: what data, how many users, what systems
  3. Contain the breach immediately:
    • Revoke compromised credentials
    • Rotate API keys and database passwords
    • Block unauthorised access points
    • Take affected systems offline if necessary
  4. Preserve evidence (logs, screenshots, timestamps)

Step 2: Assess (within 24 hours)

  1. Determine the nature of the compromised data (names, emails, financial data, etc.)
  2. Estimate the number of affected users
  3. Assess the risk of harm to affected individuals
  4. Determine if the breach is ongoing or contained
  5. Identify the cause (vulnerability, human error, third-party breach, etc.)

Step 3: Notify the Information Regulator (as soon as reasonably possible)

Notification is submitted via the Information Regulator's online reporting platform at https://inforegulator.org.za. The notification includes:

  • Description of the breach
  • Categories and approximate number of data subjects affected
  • Categories of personal information compromised
  • Measures taken or proposed to address the breach
  • Recommendations for affected users
  • Contact details of the Information Officer

Step 4: Notify Affected Users (as soon as reasonably possible)

Affected users are notified via email (and platform notification if available). The notification includes:

  • Description of what happened, in plain language
  • What personal information was affected
  • Possible consequences of the breach
  • What we are doing about it
  • What the user should do (e.g., change password, monitor accounts)
  • Contact details for the Information Officer
  • Right to complain to the Information Regulator

Step 5: Remediate

  1. Fix the vulnerability that caused the breach
  2. Implement additional safeguards to prevent recurrence
  3. Force password resets if credentials were compromised
  4. Update security policies if needed

Step 6: Document and Review

  1. Create a complete written record of the breach: timeline, scope, response actions, notifications sent
  2. Conduct a post-incident review within 14 days
  3. Update this Breach Response Plan with lessons learned
  4. Report findings to stakeholders

5. Notification Templates

Information Regulator Notification (summary)

Responsible party: Tapnet Solutions (Pty) Ltd
Platform affected: hustler.co.za
Information Officer: Wynand de Beer (wynand@tapnet.co.za, 079 174 8357)
Date of breach: [Date]
Date discovered: [Date]
Nature of breach: [Description]
Data affected: [Categories]
Number of data subjects: [Count]
Measures taken: [Actions]
Recommendations to data subjects: [Actions users should take]

User Notification Email (summary)

Subject: Important: Security notice about your Hustler account

Dear [Name],

We are writing to inform you of a security incident affecting your hustler.co.za account. [Description of what happened]. The following information may have been affected: [list]. We have [actions taken]. We recommend you [user actions, e.g., change your password]. If you have questions, contact wynand@tapnet.co.za. You also have the right to lodge a complaint with the Information Regulator at enquiries@inforegulator.org.za.

6. Delay of Notification

Notification may only be delayed if:

  • A law enforcement agency requests a delay to support an investigation
  • We need additional time to determine the scope (but we must justify this to the Regulator)

In all other cases, notification must be made as soon as reasonably possible.

7. Third-Party Breaches

If a breach occurs at one of our operators (Neon, Vercel, Resend, PayFast, Google):

  • We will assess the impact on our users immediately upon notification
  • We will notify the Information Regulator and affected users if personal information was compromised
  • We will cooperate with the operator's investigation
  • We will review our relationship with the operator and assess whether to continue using their services

8. Review

This plan is reviewed annually and after every incident. The Information Officer is responsible for keeping it current.

9. Contact

Information Officer: Wynand de Beer
Tapnet Solutions (Pty) Ltd
Email: wynand@tapnet.co.za
Phone: 079 174 8357
Address: 594 Bombani Street, Elarduspark, Gauteng, 0181