Consumer, business and credit information services agency Experian South Africa has confirmed that it has suffered a security breach that has exposed customer records.
The breach is thought to have exposed some personal information of as many as 24 million South Africans and 793 749 business entities to a suspected fraudster.
The company is investigating what it is calling an “isolated incident in South Africa involving a fraudulent data inquiry”.
It says it appears that an individual, purporting to represent a legitimate client, fraudulently requested services including the release of information which is provided in the ordinary course of business or which is publicly available.
“We can confirm that no consumer credit or consumer financial information was obtained,” according to the Experian statement. “Our investigations do not indicate that any misappropriated data has been used for fraudulent purposes.
“Our investigations also show that the suspect had intended to use the data to create marketing leads to offer insurance and credit-related services.”
Experian has identified the suspect, and obtained and executed an Anton Piller order by which their hardware being impounded. The misappropriated data has been secured and deleted, the company states.
“We are continuing the legal process in this regard, including co-ordination with law enforcement and relevant authorities.”
Experian has notified the National Credit Regulator and the Information Regulator of the incident, and engaged with BASA, SABRIC and the prudential authority at the SARB.
The company stresses that its infrastructure, systems and database have not been compromised.
Experian Africa CEO Ferdie Pieterse says: “I would like to apologise for the inconvenience caused to any affected parties. Our first priority is to help and support consumers and businesses in South Africa.”
The South African Banking Risk Information Centre (Sabric) and the South African Fraud Prevention Services (SAFPS) have issued a statement alerting bank customers to the breach and advising them that their banks will communicate on who could be affected and what is being done to protect them.
Sabric CEO, Nischal Mewalall says: “The compromise of personal information can create opportunities for criminals to impersonate you but does not guarantee access to your banking profile or accounts,”
“However, criminals can use this information to trick you into disclosing your confidential banking details.”
FNB has sent out a statement confirming that it is working with Sabric, the Banking Association of South Africa (BASA), law enforcement and regulatory authorities to mitigate any potential risks on its customers as a result of the incident.
It advises customers to be extra vigilant and follow recommended security precautions, which can be found on the Security Centre on the FNB App and online banking.
The bank is communicating directly to customers who may have been impacted from a banking perspective.