South African banks have sent out security advisories to their customers following a significant data breach at Experian South Africa.
Experian is a consumer, business, and credit information services agency, whose major clients include several South African banks.
The breach exposed the personal information of as many as 24 million South Africans and 793,749 business entities.
“Banks and SABRIC have also been cooperating with Experian in their efforts to secure the data and ensure the perpetrators are brought to book,” the South African Banking Risk Information Centre (SABRIC) said in a statement on the incident.
Following the disclosure of the incident, a number of major South African banks have issued statements to customers advising them of the nature of the breach.
The nature of the data that was compromised lends itself to potential use in identity theft attacks, and may include the following:
- First and last names
- ID numbers
- Telephone numbers
- Physical adresses
- Email addresses
Experian South Africa released a statement regarding the data breach yesterday, assuring customers that no financial data was compromised.
“Our investigations indicate that an individual in South Africa, purporting to represent a legitimate client, fraudulently requested services from Experian,” the company said.
“We have identified the suspect and confirm that Experian South Africa was successful in obtaining and executing an Anton Piller order which resulted in the individual’s hardware being impounded and the misappropriated data being secured and deleted.”
South African banks have warned their clients to exercise caution following this data breach, with some warning customers to change their online and app-based banking passwords as a precaution.
Statements sent by Standard Bank, FNB, Absa, and Nedbank to their clients are below.
Standard Bank
Standard Bank acknowledged that it was affected by the data breach, which resulted in some of its customer demographic information being obtained fraudulently.
“The information that has been compromised includes ID number, residential and physical addresses and contact details,” it said.
“As Standard Bank, we have proactively stepped up our authentication processes and our fraud prevention and detection strategies to protect our clients.”
“As our measures are security-sensitive, we are unfortunately not able to divulge more details, and the fact that an investigation into the matter is currently underway,” the bank said.
It also urged its clients to take the following steps:
- Change banking passwords on our digital banking platforms and social media passwords.
- Register for DigiMe on the Standard Bank App Register for MyUpdates (free Standard bank SMS service) to be notified of all transactions over R100 on your accounts.
- Contact the bank or your relationship manager immediately if you suspect your bank accounts or cards have been compromised.
- Do not share your personal details, banking details or one-time pin with anyone.
- Register with SAFPS for protective registration – if anyone tries to apply for banking products with your ID, it will be declined or referred for further review.
“Understandably, concerned clients will want to know how their personal and business information was shared with Experian,” the bank said.
“As a bank, we are required to submit to – and obtain data from – the credit bureaus. This is stipulated in the National Credit Act which requires a credit provider to check a consumer’s debt agreement history.”
“Credit bureaus receive information from all creditors, as well as information from public records, such as property, court and ‘CIPC’ (Companies and Intellectual Property Commission) records,” it said.
Standard Bank said it was treating this issue with the utmost priority and attention and is working with Experian South Africa and SABRIC.
FNB
It advised customers to follow its recommended security precautions, which include the following:
- It is vitally important that you never give your Online Banking username and/or password to anyone.
- Never give your One Time PIN (OTP) to anyone.
- Never click on links in emails claiming to be from FNB.
- Never save your passwords to your browsers.
“The protection of our customers’ banking information is our utmost priority.”
Absa
“Experian is one of South Africa’s largest credit bureaus,” Absa said.
“Never share these details with anyone and report suspicious behaviour immediately,” Absa said.
Nedbank
“Your bank accounts are not at risk,” it said.
The bank provided the following tips for how to be safe:
- Never share your passwords or PIN with anyone.
- Never disclose your personal information to anyone who calls you, emails you, or SMSs you. Remember Nedbank will never contact you asking for this information.
- Contact Nedbank immediately should you suspect unauthorised use of your personal information.
“The safety and security of your information is a top priority,” Nedbank said.
“We will continue to monitor suspicious activity on client accounts.”
Investec
Mybroadband
Leave a Reply