Cyber breach: What Liberty says happened
Attackers got into a repository of data — largely emails and attachments — copied it and then demanded payment for it.
This is how financial services firm Liberty Holdings explained the breach of its information technology systems last Thursday. The company, which insures six million lives, administers 10 000 pension schemes and manages the savings of 500 000 people, saw a 5% drop in its share price in the wake of the news.
It only alerted customers to the attack two days later. But it says this was because specialist teams had to investigate the incident to verify the validity of the claim, and prioritise the protection of customer details and the security of the company’s IT systems. The relevant authorities also had to be alerted. “We believe we acted responsibly and made every effort to inform our customers once we were in a position to do so,” it said.
Why it took the hackers to alert Liberty to the breach has left customers baffled. Liberty said in response: “We live in a world of highly sophisticated criminals, whose methods evolve at an equal pace as the technology built to protect data from them.” This, it added, will become an “ongoing challenge” for all corporates.
The alleged hackers — revealed in a post by iAfrikan Digital founder Tefo Mohapi — claimed to have 40 terabytes of information.
Liberty is still trying to identify the full extent of the data that was stolen, it said, and investigations were ongoing. As a result, it could not indicate how old the emails and attachments were that were supposedly taken, or the amount of money the attackers asked for.
The company said it would “proactively advise” customers individually if and when it discovered they may have been affected.