Magazine Button
Personal details of 24 million South Africans may have been hacked after attack on credit bureau

Personal details of 24 million South Africans may have been hacked after attack on credit bureau

Banking & FinanceEnterprise SecurityIndustry VerticalsIntelligent TechnologyRegional NewsRegionsSouth AfricaTop Stories

South Africa has just been hit by one of the largest-ever data breaches after Experian, one of the country’s biggest credit bureaus, was hacked.

Experian said the personal information details of as many as 24 million South Africans, and nearly 800,000 business were compromised. These records were “exposed to a suspected fraudster”.

Experian has reported the breach to law enforcement and regulatory authorities. Banks are currently working with Experian to identify which of their customers have been exposed.

Experian collects credit information about consumers from banks, retailers and other parties. That means that even if you haven’t interacted with Experian, your personal details and financial history may have been compromised. If so, you may be very vulnerable to having your identity impersonated.

“The compromise of personal information can create opportunities for criminals to impersonate you but does not guarantee access to your banking profile or accounts. However, criminals can use this information to trick you into disclosing your confidential banking details,” said Nischal Mewalall, CEO, South African Banking Risk Centre (SABRIC).

“Banks have been working with Experian and SABRIC to identify which of their customers may have been exposed to the breach and to protect their personal information, even as the investigation unfolds,” SABRIC said in a statement.

It added that the affected banks would speak to customers about how they may be affected by the breach and what is being done.

The breach is similar to the attack on the US credit bureau Equifax in 2017. Personal records of nearly 150 million people were compromised as part of the largest data-breach in history. The breach forced Equifax to come to a settlement of US$ 600 million with the US Federal Trade Commission, and offer payouts to affected customers.

It’s the latest in a series of hacker attacks to hit South Africa this year. Earlier this week Momentum Metropolitan warned that hackers had accessed data at one of its subsidiaries, but that client information was not stolen

In June, Life Healthcare, which has 66 hospitals in South Africa, was hit by a “criminal attack” on its IT systems.

What should you do if your identity has been compromised?

According to SABRIC, “should you suspect that your identity has been compromised, apply immediately for a free Protective Registration listing with Southern Africa Fraud Prevention Service (SAFPS). This service alerts SAFPS members, which includes banks and credit providers, that your identity has been compromised and that additional care needs to be taken to confirm that they are transacting with the legitimate identity holder. Consumers wanting to apply for a Protective Registration can contact SAFPS at [email protected]

What steps can you take to secure your identity?

Do not disclose personal information such as passwords and PINs when asked to do so by anyone via telephone, fax, text messages or even email.

Change your password regularly and never share them with anyone else.

Verify all requests for personal information and only provide it when there is a legitimate reason to do so.

First National Bank (FNB) has said it had been made aware of the breach and was working ‘to mitigate any potential risks on our customers as a result of the incident’.

“The bank is communicating directly to customers who may have been impacted from a banking perspective. The protection of our customers’ banking information is our utmost priority,” FNB said in a statement.

African Bank said in a statement that the breach meant that some customers’ personal information – ‘including the likes of identity numbers [and] cell numbers’ – had been compromised.

“The compromise of personal information can create opportunities for criminals to impersonate an individual but does not provide access to a customers’ banking account or details,” African Bank said.

Piet Swanepoel, Chief Risk Officer, African Bank, said: “This breach of personal information does impact our credit customers because we have to, by law disclose all details of customers who have credit with us to three credit bureaus, one of which is the Experian credit bureau. Of importance is that our customer’s banking credentials have not been breached, so fraudsters will not be able to access any of our customers’ banking details.”

Click below to share this article

Browse our latest issue

Intelligent CIO Africa

View Magazine Archive