Red flags over Liberty breach
For the hundreds of thousands of South Africans – and those elsewhere in the world – who are connected financially in some way to the giant Liberty Holdings group, it must have been cold comfort to hear the company give the assurance that its IT staff were working “around the clock” to sort out the mess.
Not surprisingly, the company’s stock took a smack on the Johannesburg Stock Exchange yesterday as markets reacted nervously to what is one of the biggest data breaches – at least that we know about – in recent SA history.
It seems that the Liberty system was hacked by people demanding a ransom, failing which the data would be distributed across the dark web, that sinister, secretive, hidden corner of cyberspace which is the domain of criminals, terrorists and paedophiles.
Most worrying about the hacking, say experts, was the first the company heard about it was a ransom demand from the data “kidnappers”. That, according those who know, points to the fact that Liberty’s systems were either shockingly lax, or that insiders in the group helped the hackers gain access.
The fact that so much data is apparently at risk also indicates that the company did not take adequate steps to compartmentalise information, or to encrypt it; steps which would have minimised the scope of the intrusion.
Experts say the fact that the data is said to be mainly e-mails and attachments also points to flaws in Liberty security.
This sort of electronic theft is becoming commonplace around the world and companies are having to spend fortunes to counter it.
Although Liberty has assured its customers that, as far as the company has managed to ascertain, no one has suffered financial loss, we hope this is not PR spin to cover the reality that the horse has bolted.