[BreachExchange] Telkom affected by data breach

Sophia Kingsbury sophia.kingsbury at riskbasedsecurity.com
Thu Sep 30 08:54:00 EDT 2021 

https://mybroadband.co.za/news/security/416296-telkom-affected-by-data-breach.html

A data breach experienced by debt collection agency Debt-In may have also
jeopardised the personal information of Telkom customers.

Telkom sent a message to its customers confirming the breach and suggesting
that its clients take the necessary steps to prevent the fraudulent use of
their information.

“Good Day, Debt-In, an agency collecting arrears accounts on behalf of
Telkom, experienced a data breach,” Telkom said in its message.

“Some of your personal info may be affected. We take the security of
customers’ data seriously and are addressing this breach with our vendor.”

“We are doing all within our power to mitigate this breach, but we suggest
you apply for Protective Registration with the SA Fraud Prevention Services
to prevent the fraudulent use of your details should they have been
compromised.”

This incident appears to be similar to the data breach experienced by
African Bank that resulted from a ransomware attack on Debt-In. The attack
happened in April, and African Bank reported it last week.

Debt-In initially believed that the attack in April hadn’t resulted in the
exposure of customer data.

However, the debt-recovery agency later discovered that the attack had
exposed the personal information of certain customers.

It did not reveal exactly what types of personal data was exposed.

According to African Bank, you should register with the Southern African
Fraud Prevention Services (SAFPS) if you detect any suspicious activity or
feel that your information has been compromised.

“This will alert banks and credit providers that an identity has been
compromised. You can apply by emailing protection at safps.org.za,” it stated.

MyBroadband contacted Telkom for comment but did not immediately receive a
response.

Update: Telkom said it became aware of the data breach from Debt-In on 22
September and proactively informed customers who may be affected by the
data breach.

“Debt-In is a third party debt collection service provider to Telkom,” the
company said.

“Telkom takes the security of its customer’s information seriously and is
in contact with Debt-In to understand the extent of the breach.”
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20210930/f386b5ec/attachment.html>

More information about the BreachExchange mailing list