Click on play to listen to Interview with Experian
What an epic year 2020 has become. On top of a kinetic war against terrorists, biological warfare against COVID 19 we are now also faced with a cyberwar. The SA Banking Risk Information Centre (Sabric) has confirmed that the credit bureau Experian was hacked in a data attack that “has exposed the personal information of as many as 24 million South Africans”. Including credit history and personal data.
Nearly 800,000 businesses have also fallen prey to a “suspected fraudster”, Sabric said.
Experian has confirmed that the breach has been reported to law enforcement and the appropriate regulatory authorities. Banks have been working with Experian and South African Banking Risk Centre (SABRIC) to identify which of their customers may have been exposed to the breach and to protect their personal information, even as the investigation unfolds. Banks and SABRIC have also been cooperating with Experian in their efforts to secure the data and ensure the perpetrators are brought to book.
South African banks take the security of their customer data very seriously and have put in place robust risk mitigation strategies to detect potential fraud on accounts and protect their customers. Banks will communicate with their customers about how they may be affected by the breach and what is being done to protect them.
“The compromise of personal information can create opportunities for criminals to impersonate you but does not guarantee access to your banking profile or accounts. However, criminals can use this information to trick you into disclosing your confidential banking details,” says SABRIC CEO, Nischal Mewalall.
According to the risk centre, Experian confirmed the breach, which has been reported to law enforcement.
READ MORE: SABRIC press release
It added that the affected banks would speak to customers about how they may be affected by the breach and what is being done.
“The compromise of personal information can create opportunities for criminals to impersonate you, but does not guarantee access to your banking profile or accounts. However, criminals can use this information to trick you into disclosing your confidential banking details,” warned Sabric CEO Nischal Mewalall.
Sabric advised that if anyone suspects that their identity has been compromised, they should apply immediately for a free protective registration listing with the Southern African Fraud Prevention Service (SAFPS).
“This service alerts SAFPS members, which includes banks and credit providers, that your identity has been compromised and that additional care needs to be taken to confirm that they are transacting with the legitimate identity holder,” it said.
Consumers wanting to apply for a protective registration can contact SAFPS at [email protected].
Standard Bank on Wednesday confirmed that some of its clients had been affected.
“We are working closely with Experian, Sabric, the Banking Association of South Africa (Basa) and the Southern African Fraud Prevention Service (SAFPS) to give this investigation the support and urgency it deserves,” it said in a statement.
First National Bank said on Wednesday night that it had been made aware of the breach and was working “to mitigate any potential risks on our customers as a result of the incident”.
“The bank is communicating directly to customers who may have been impacted from a banking perspective. The protection of our customers’ banking information is our utmost priority,” it said in a statement.
African Bank said in a statement that the breach meant that some customers’ personal information
“including the likes of identity numbers [and] cell numbers” – had been compromised.
The bank’s chief risk officer, Piet Swanepoel, said: “This breach of personal information does impact our credit customers because we have to, by law disclose all details of customers who have credit with us to three credit bureaus, one of which is the Experian credit bureau. Of importance is that our customer’s banking credentials have not been breached, so fraudsters will not be able to access any of our customers’ banking details.”
Interview with Radio 702
Experian South Africa disputes the reported numbers.
Bruce Whitfield interviewed the CEO of the consumer credit information services agency, Ferdie Pieterse.
He strongly denies that the company was hacked.
For the record… Experian in no sense, way or form was hacked. None of our systems were either penetrated or hacked, as you call it. None of our data bases and any of our records.Ferdie Pieterse, CEO – Experian South Africa
… a perpetrator using very smart facial engineering techniques put himself forward as a known customer of Experian and contracted with us in the normal course of business and in that way illegally obtained the records of 23.4 million individuals.Ferdie Pieterse, CEO – Experian South Africa
We provided contact information – telephone numbers and addresses – back to this individual.Ferdie Pieterse, CEO – Experian South Africa
Also, those numbers are incorrect. The perpetrator provided us with 793, 749 records and once we actually went through our processes systems we only returned 607,000 records back to them.Ferdie Pieterse, CEO – Experian South Africa
Ferdie, you’re putting lipstick on a bulldog here I’m afraid. The fact is, someone managed to get access to private information and that should never have happened!Bruce Whitfield, The Money Show host
Sabric has confirmed that the breach has been reported to law enforcement and the appropriate regulatory authorities.
Banks will communicate with their customers about how they may be affected by the breach and what is being done to protect them.South African Banking Risk Information Centre
We advise all South African Readers to contact their Financial Institutions and take all precautions against – identity theft