Experian South Africa has downplayed a data breach, in which it handed over the personal information of as many as 24-million South Africans and 793,749 business entities to a suspected fraudster, as an “isolated incident”.
The consumer credit reporting company said in a statement that Its investigations indicate that an individual in South Africa, purporting to represent a legitimate client, fraudulently requested services from Experian. The services involved the release of information which is provided in the ordinary course of business or which is publicly available.
“We can confirm that no consumer credit or consumer financial information was obtained. Our investigations do not indicate that any misappropriated data has been used for fraudulent purposes. Our investigations also show that the suspect had intended to use the data to create marketing leads to offer insurance and credit-related services.
We have identified the suspect and confirm that Experian South Africa was successful in obtaining and executing an Anton Piller order which resulted in the individual’s hardware being impounded and the misappropriated data being secured and deleted. We are continuing the legal process in this regard, including coordination with law enforcement and relevant authorities.”
Banking sector response
Banks have been working with Experian and Sabric to identify which of their customers may have been exposed to the breach and to protect their personal information, even as the investigation unfolds. Banks and Sabric have also been cooperating with Experian in their efforts to secure the data and ensure the perpetrators are brought to book.
South African banks take the security of their customer data very seriously and have put in place robust risk mitigation strategies to detect potential fraud on accounts and protect their customers. Banks will communicate with their customers about how they may be affected by the breach and what is being done to protect them.
“The compromise of personal information can create opportunities for criminals to impersonate you but does not guarantee access to your banking profile or accounts. However, criminals can use this information to trick you into disclosing your confidential banking details,” says Nischal Mewalall, South African Banking Risk Information Centre (Sabric) CEO.
“This breach of personal information does impact our credit customers because we have to, by law disclose all details of customers who have credit with us to three credit bureaux, one of which is the Experian.
“Of importance is that our customer’s banking credentials have not been breached, so fraudsters will not be able to access any of our customers’ banking details. We have in any event enhanced our security measures to protect our customers.
“Customers should however remain aware fraudsters can impersonate a bank and contact customers and pretend to be their bank since they may know their ID and their cell numbers,” says Piet Swanepoel, chief risk officer, African Bank.
Photo by Chris Liverani on Unsplash / Article from www.bicommmunity.com