[BreachExchange] Absa bank embroiled in data leak, rogue employee accused of theft

Destry Winant destry at riskbasedsecurity.com
Wed Dec 2 10:53:35 EST 2020


https://www.zdnet.com/article/absa-bank-embroiled-in-data-leak-rogue-employee-accused-of-theft/

Absa has notified customers of a data breach potentially compromising
their personal information.

The Johannesburg, South Africa-based financial services group, which
provides personal and business banking as well as wealth management
services, has pointed the finger at an employee for the security
incident.

Absa maintains a presence in 12 countries across the continent and
accounts for roughly 42,000 employees.

As reported by local publication MyBroadband, Absa sent an email to
customers on Monday informing them of the data breach. The message
said that personally identifiable information (PII) belonging to
clients was exposed to "external parties."

"We regret to notify you that Absa has identified an isolated internal
data leak whereby personal information of a limited number of Absa
customers was shared with parties external to the bank," the financial
group said.

ID numbers, contact details, physical home addresses, and account
numbers are thought to have been compromised. Absa has not revealed if
any other sensitive, financial data was involved in the data leak.

It is also not known how many customers have been impacted, although
the bank intends to monitor more closely for suspicious transactions
in a "small" number of its client base that may have had their
information stolen. If transfers are suspected of being fraudulent,
Absa will ring customers to verify transactions.

Absa says that additional security measures are being implemented, but
in the meantime, it is believed that a rogue employee is at fault.
According to local media, Absa has accused a staff member of making
"customer data available" to third-parties, illegally, and so criminal
charges have been brought against the unnamed individual.

Data was found on devices during search and seizure operations and has
been destroyed. The investigation is ongoing.

Only three months before this security incident, Absa Group Limited's
cybersecurity team was named the "Not for Profit Team of the Year" in
the 2020 Cyber Security Awards, with Absa CSO Sandro Bucchianeri
commended in the Cybersecurity industry "Personality of the Year"
category.


More information about the BreachExchange mailing list