It appears that as feared, following Momentum’s cyber attack last week, that efforts to attack other South African companies have ramped up. The SA Banking Risk Information Centre (Sabric) has confirmed that credit bureau Experian suffered a large-scale data attack which has reportedly “exposed some personal information of as many as 24 million South African and 800 000 business entities”, as reported by TimesLive.
While many people might not have used Experian directly, it is used by many financial institutions to verify credit history and it likely means that the attackers have acquired the details of most South Africans, including ID numbers, addresses, email addresses, phone numbers and even possibly bank account numbers. Details that have now ended up with a suspected fraudster, which Sabric believes puts many of us at risk of identity theft and having other sensitive information exposed. Sabric is trying to minimise the fallout by working with different banks:
Banks have been working with Experian and Sabric to identify which of their customers may have been exposed to the breach and to protect their personal information, even as the investigation unfolds.
It’s not clear exactly how the data attack occurred, but it’s best we all be on high alert for any potential identity fraud. Sabric has advised people to apply immediately for a free protective registration listing with the Southern African Fraud Prevention Service (SAFPS) at [email protected] should they suspect any activity.
This service alerts SAFPS members, which includes banks and credit providers, that your identity has been compromised and that additional care needs to be taken to confirm that they are transacting with the legitimate identity holder. We are working closely with Experian, Sabric, the Banking Association of South Africa (Basa) and the Southern African Fraud Prevention Service (SAFPS) to give this investigation the support and urgency it deserves
Banks are also going to communicate to customers about how they may be affected by the breach and any further actions that they may need to follow.
As for Experian themselves, if he investigation find that they were negligent in any way with their data security protocols, it’s likely that they could face a massive fine or even be shut down completely by the authorities, given the scale of the breach.