[BreachExchange] 1.7 million Nedbank clients’ personal data compromised

Destry Winant destry at riskbasedsecurity.com
Fri Feb 14 10:10:17 EST 2020


https://mybroadband.co.za/news/banking/338626-1-7-million-nedbank-clients-personal-data-compromised.html

Nedbank announced that it has discovered a security breach at Computer
Services Ltd, a third-party service provider which issues SMS and
email marketing on behalf of the bank.

“A subset of the potentially compromised data at Computer Facilities
included personal information (names, ID numbers, telephone numbers,
physical and/or email addresses) of some Nedbank clients,” the bank
said.

The security breach was discovered during a routine monitoring
procedure, and once the bank became aware of it, it immediately
conducted an extensive investigation.

1.7 million clients were affected by this security issue, with 1.1
million of those clients being active. The following information was
exposed:

Names
ID numbers
Telephone numbers
Physical addresses
Email addresses

“We have moved swiftly to proactively secure and destroy all Nedbank
client information held by Computer Facilities (Pty) Ltd. Information
from Nedbank Retail relating to approximately 1.7 million clients were
potentially affected of which 1.1 million are active clients,” said
Nedbank.

Communicating with clients

Nedbank said the incident was isolated to Computer Facilities’
systems, which it has disconnected from the Internet until further
notice as a precautionary measure.

“We regret the incident that occurred at the third-party service
provider, namely Computer Facilities (Pty) Ltd and the matter is
receiving our urgent attention. The safety and security of our
clients’ information is a top priority,” said Nedbank chief executive
Mike Brown.

“We take our responsibility to protect our client information
seriously and our immediate focus has been on securing all Nedbank
client data at Computer Facilities (Pty) Ltd, which we have done.”

“In addition to this, we are communicating directly with affected
clients. We are also taking the necessary actions in close cooperation
with the relevant regulators and authorities,” he said.

Nedbank assured users that Computer Facilities did not have any links
to its systems.

“Our team of IT specialists and external cybersecurity experts have
been working continuously with them since we became aware of this
matter,” said Nedbank chief information officer Fred Swanepoel.

“Clients’ bank accounts have not been compromised in any manner
whatsoever and clients have not suffered any financial loss.”

Nedbank said it remains vigilant against cybercrime and has advised
Computer Facilities of its obligation to notify its other customers of
the incident.

Clients’ bank accounts are not at risk and they do not need to take
any further action other than continuing to be vigilant against
attempts at fraud, the bank said.


More information about the BreachExchange mailing list