Regulator seeks meeting with Liberty over data hack
THE INFORMATION Regulator this week requested an urgent meeting with Liberty Holdings to get an understanding of how its datastorage system was breached by hackers recently.
According to Sanews, the government news agency, the chairperson of the regulator, Advocate Pansy Tlakula, said on Monday that the regulator had written to the chief executive of Liberty Holdings, David Munro, to find out how the breach occurred, the extent of the breach, the interim measures put in place to prevent further compromises, and measures taken to inform affected customers.
Last weekend, Liberty announced that hackers had claimed to have seized data from the assurer and demanded a ransom. However, Liberty said it made no concessions to the hackers, and there was no evidence that its customers had suffered any financial loss.
Liberty said it will inform customers individually if it discovers they might have been affected.
Although not all the provisions of the Protection of Personal Information Act have come into effect, the regulator has encouraged organisations to comply with the Act. Section 19 requires responsible parties to put in place measures to secure the integrity and confidentiality of personal information in its possession or under its control by taking appropriate and reasonable technical and organisational measures to prevent the loss of, damage to, or unauthorised destruction of personal information, or unlawful access to or processing of personal information.
Matt Boddy, a security specialist at IT security firm Sophos, says: “Cybercriminals claim to have broken into Liberty, stolen some data, and for a suitable blackmail payment will keep it secret. If not, they’ll leak it to the world.
“Liberty has refused to pay, and good on them – after all, there’s no guarantee that the crooks wouldn’t leak the data anyway, or sell it to other crooks, or come back with bigger demands next month. In fact, now that the crooks have this data, what if they get hacked and the data is stolen by someone else? The payfor-silence game could go on forever.
“This isn’t like a ransomware attack, where crooks demand money to get your computer system running again. In an extortion attack of the sort against Liberty, you’re ‘paying for a negative’, essentially trusting the crooks for evermore.”
Boddy says that if you’re a Liberty customer, watch out for news from the company about the breach, keep an eye on your statements, and be vigilant about e-mails, phone calls and text messages that offer to ‘help you recover’ from this incident.
“These messages could come from anyone,” he says. “Look up the contact details yourself, for example, on an old statement, or use a search engine.” SIMPLY Financial Services (Simply) has introduced a life assurance product for households that want to offer their domestic workers life and disability cover.
The product, called Domestic Cover, comprises life, disability and funeral cover.
Until recently, there haven’t been many life assurance options for the average domestic worker, with most products limited to funeral cover. As a result of the financial challenges many workers face, they often struggle to keep up with the premium payments, so in many cases their cover lapses and isn’t in place when it’s needed.
Simply says that Domestic Cover can be customised to suit a person’s needs and budget. The policies are underwritten by Old Mutual Alternative Risk Transfer, an insurer in the Old Mutual group.
“Simply’s aim is to provide a significant new level of financial security to people in this segment,” says Anthony Miller, the chief executive of Simply Financial Services.
Miller says Domestic Cover delivers “great value”. For example, a 30-year-old woman earning R4 500 a month gets R100 000 life cover,
R150 000 disability cover and R15 000 family funeral cover (which covers the insured person, the spouse and up to five children) for R92 a month.
By putting the responsibility for paying the premium on the employer, the risk of cover being cancelled because of non-payment is greatly reduced, so the cover will be there when it is needed.
If the domestic worker changes employer, he or she can take over the premium payments on the same terms, or ask the new employer to take over the policy, Miller says.
You sign up online. The process “takes less than 10 minutes” and requires you to fill in some personal details and answer three healthrelated questions. – Staff Reporter