Last week Thursday, South Africans found out about the Experian data breach, thanks to a statement issued by South African Banking Risk Information Centre (SABRIC). Potentially the largest data breach the country has experienced to date, it exposes the data of an estimated 24 million citizens and 800 000 business, as Experian is a credit bureau.
In the wake of the Experian data breach, it was disclosed that some simple social engineering resulted in the data getting into the wrong hands, with the company stating that no nefarious activities have been performed with said data.
While that is yet to be confirmed, what is known is that Experian had knowledge of the breach in July already, and chose not to disclose it to the public quickly enough, as it should have.
Added to this, Experian has remained relatively mum on the subject, leaving it to South African businesses to reassure customers that no data has been compromised, and stricter procedures are being put in place as a result. Many organisations are also advising customers to change their financial login credentials, and to be on the lookout for any suspicious activity.
While the latter is something that should be commonplace regardless given the higher frequency of cyberattacks during lockdown, as mentioned, local businesses are detailing the steps that they are taking following the Experian data breach.
To that end we’ve rounded up some of the statements we’ve received to date, with the likes of Absa, FNB and Standard Bank being some of the first firms to issue responses.
So here’s how local businesses have responded to date.
“Absa takes the protection of your personal information extremely seriously and we have engaged with Experian to better understand what occurred and the steps they have taken to mitigate the impact,” the bank noted in a statement to customers.
“We have put the necessary precautionary measures in place to protect our customers. To this end, we have heightened the monitoring of your portfolio and will engage you should we detect any suspicious activity. We urge you to contact us immediately on our Fraud Hotline (0860 557 557) should you notice any suspicious behavior or if in doubt,” it adds.
“The banking industry is aware that a credit bureau has experienced an external data breach. The protection of our customers’ banking information is our utmost priority. We continue to apply our enhanced security measures to protect you,” the organisation noted in an SMS to customers.
“Please call 0860 11 11 77 if you suspect any fraudulent activity on your account. Please stay vigilant,” it concludes.
“We are working with The South African Banking Risk Information Centre (SABRIC), The Banking Association of South Africa (BASA), law enforcement and regulatory authorities to mitigate any potential risks on our customers as a result of the incident,” said FNB in a statement last week.
“Customers are advised to be extra vigilant and follow our recommended security precautions, which can be found on Security Centre on the FNB App and Online Banking. The Bank is communicating directly to customers who may have been impacted from a banking perspective,” adds FNB.
“MiX Telematics confirms that we make use of Experian’s services for certain credit verification purposes, however, our interactions with Experian are limited. We have only verified personal information on Experian’s existing database and have not shared any additional personal information with Experian. We do not submit data to the credit bureau and thus no MiX Telematics data is stored with them,” explains the logistics and tracking specialists.
“We have confirmed directly with Experian that no MiX Telematics data was involved. We urge all of our Customers to be vigilant with their personal information and to make regular use of personal credit reports in order to monitor their credit activity,” it advises.
“The banking industry has been made aware that some of our customer information has been fraudulently obtained through an external credit bureau data breach. We have enhanced our security measures to protect you,” explained Standard Bank in an SMS to customers.
“Please call 860 123 000 if you suspect any fraudulent activity on your account or visit www.Standardbank.co.za,” it adds.
As the above notifications and messages sent to customers note, while steps are being taken by local businesses, much of the responsibility falls on South African citizens to ensure their data is not compromised.
Add to this that at the time of writing, Experian is yet to note what kind of penalties it will incur as a result of this data breach, as well as what measures it will put in place to ensure a massive incident like this does not happen again.
[Image – CC 0 Pixabay]