Top credit bureau identifies suspect, resecures data after breach
ONE OF THE country’s top credit bureaus, Experian, said yesterday that its systems had experienced a data breach which exposed the personal information of as many as 24 million South Africans and nearly 800 000 businesses to suspected fraudsters.
Experian said it had identified the suspect.
The consumer, business and credit information services agency said it was successful in obtaining and executing an Anton Piller order, which resulted in the suspect’s hardware being impounded and the misappropriated data being secured and deleted.
“We are continuing the legal process in this regard, including co-ordination with law enforcement and relevant authorities,” Experian said.
“We can confirm that no consumer credit or consumer financial information was obtained. Our investigations do not indicate that any misappropriated data has been used for fraudulent purposes. Our investigations also show that the suspect had intended to use the data to create marketing leads to offer insurance and credit-related services.”
Experian said it had received co-operation from banks and the SA Banking Risk Information Centre (Sabric).
Standard Bank said it was aware that Experian South Africa was investigating an external credit bureau incident in which some of its client demographic information was fraudulently provided to a third party posing as a legitimate client of Experian.
“We are working closely with Experian, Sabric, the Banking Association of South Africa and the Southern African Fraud Prevention Service (SAFPS) to give this investigation the support and urgency it deserves.
“We have proactively stepped up our authentication processes and our fraud prevention and detection strategies to protect our clients. As our measures are security-sensitive, we are, unfortunately not able to divulge more details. We understand the anxiety that this will cause for our clients and wish to assure them that we are doing everything possible to protect them during this difficult time,” Standard Bank said in a statement.
Sabric chief executive Nischal Mewalall said the compromise of personal information could create opportunities for criminals to impersonate another person but did not guarantee access to banking profile or accounts.
“However, criminals can use this information to trick you into disclosing your confidential banking details.
“Should you suspect that your identity has been compromised, apply immediately for a free protective registration listing with SAFPS. This service alerts members, which includes banks and credit providers, that your identity has been compromised and additional care needs to be taken,” said Sabric.
Sabric and SAFPS urged bank customers and other consumers to follow sound identity management practices to mitigate the risk of impersonation and fraudulent applications.
SAFPS chief executive Manie van Schalkwyk said: “Think of your identity information in the same way as you think of cash. Keep it safe and secure at all times, because once it is compromised, it can be used by anybody, often to impersonate you.”