[BreachExchange] Massive credit bureau data breach exposes personal information of as many as 24 million South Africans

Destry Winant destry at riskbasedsecurity.com
Thu Aug 20 10:21:51 EDT 2020


https://businesstech.co.za/news/banking/427088/massive-credit-bureau-data-breach-exposes-personal-information-of-as-many-as-24-million-south-africans/

Experian, a consumer credit reporting company, says it has experienced
a breach of data which has exposed some personal information of as
many as 24 million South Africans, and 793,749 business entities, to a
suspected fraudster.

“Experian has confirmed that the breach has been reported to law
enforcement and the appropriate regulatory authorities,” the company
said in a statement on Wednesday (19 August).

“Banks have been working with Experian and South African Banking Risk
Centre (SABRIC) to identify which of their customers may have been
exposed to the breach and to protect their personal information, even
as the investigation unfolds.”

Banks and SABRIC have also been cooperating with Experian in their
efforts to secure the data and ensure the perpetrators are brought to
book, it said.

Experian said that banks will communicate with their customers about
how they may be affected by the breach and what is being done to
protect them.

“The compromise of personal information can create opportunities for
criminals to impersonate you but does not guarantee access to your
banking profile or accounts. However, criminals can use this
information to trick you into disclosing your confidential banking
details,” said SABRIC chief executive officer, Nischal Mewalall.

Experian called on people who suspect that their identity has been
compromised to apply immediately for a free Protective Registration
listing with Southern Africa Fraud Prevention Service (SAFPS).

This service alerts SAFPS members, which include banks and credit
providers, that your identity has been compromised and that additional
care needs to be taken to confirm that they are transacting with the
legitimate identity holder, Experian said.

SABRIC and SAFPS urged bank customers and other consumers to follow
sound identity management practices to mitigate the risk of
impersonation and fraudulent applications in their name. “Think of your
identity information in the same way as you think of cash,” said Manie
van Schalkwyk, SAFPS chief executive.

“Keep it safe and secure at all times, because once it is compromised,
it can be used by anybody, often to impersonate you.”

It is also recommended that bank customers follow precautionary
measures, including:

- Do not disclose personal information such as passwords and PINs when
  asked to do so by anyone via telephone, fax, text messages or even
  email.
- Change your passwords regularly and never share them with anyone else.
- Verify all requests for personal information and only provide it when
  there is a legitimate reason to do so.

Update – Experian statement

Experian South Africa has released a statement regarding the data
breach, assuring customers that no financial data was compromised.

“Our investigations indicate that an individual in South Africa,
purporting to represent a legitimate client, fraudulently requested
services from Experian,” the company said.

“The services involved the release of information which is provided in
the ordinary course of business or which is publicly available.”

“We can confirm that no consumer credit or consumer financial
information was obtained. Our investigations do not indicate that any
misappropriated data has been used for fraudulent purposes.”

It added that its investigations show that the suspect had intended to
use the data to create marketing leads to offer insurance and
credit-related services.

“We have identified the suspect and confirm that Experian South Africa
was successful in obtaining and executing an Anton Piller order which
resulted in the individual’s hardware being impounded and the
misappropriated data being secured and deleted.”

“We are continuing the legal process in this regard, including
coordination with law enforcement and relevant authorities,” it said.

Experian South Africa notified the National Credit Regulator and the
Information Regulator of the incident, adding that its infrastructure,
systems, and database have not been compromised.

“As a precaution, we advise anyone who may have concerns to regularly
check their credit report,” it said.

“You can do this by visiting www.mycreditcheck.co.za where you can
access your personal credit report for free, for life.”

