Data breach: 24 million South Africans’ data exposed - IronTree

For COVID-19 updates, visit official government website www.sacoronavirus.co.za

Data breach: 24 million South Africans’ data exposed

As many as 24 million South Africans and almost 800 000 businesses may have been affected by a major data breach to hit credit bureau Experian.

A fraudster posing as a client of the credit bureau gained access to the details via social engineering, rather than hacking. The attacker’s success shows how easy it is for cyber criminals to execute unlawful events, despite constant reminders from cyber security providers to put comprehensive measures in place to minimise the risk of attack.

South African banks are in the process of working with Experian to determine which of their clients’ data has been exposed. By law banks have to disclose details of customers who have credit with them to three credit bureaus, including Experian.

In response to the incident, Experian has issued a statement saying its investigations indicate the misappropriated data hasn’t been used for fraudulent purposes. Also, no consumer credit or consumer financial information such as banking details were obtained.

However, a breach of basic personal information such as ID numbers, phone numbers and addresses can still lead to the possibility of impersonation. The South African Banking Risk Centre warns that attackers can use personal information to trick you into disclosing your confidential banking details, so extra vigilance is required when opening emails, and responding to them.

What does it say about the state of data protection in SA?

On hearing this news South Africans may well feel violated. If you’ve borrowed money or entered into any formal financial transaction, Experian is likely to hold information about you such as your personal details and financial history.

Experian also holds rental information, all the addresses you may be, or have been, linked to, electoral role information, credit details and details of public orders. We can request this data about ourselves, but do we have the certainty that it’s being kept securely?

The other question is: if large corporate enterprises don’t have state-of-the-art cyber security measures in place then how are small businesses faring in terms of their efforts towards data protection?

No business is too small to face a breach – each one needs cyber protection to protect itself against a disaster of this kind, not only in the interests of upholding its reputation, but in safeguarding its systems and protecting the valuable personal information of the people it holds.

Here at IronTree we eagerly await the rollout of the Protection of Personal Information Act (POPIA), South Africa’s equivalent of the EU’s GDPR, which will see each one of us empowered to control the destiny of our personal data.

IronTree is hard at work, working with the appropriate partners to ensure education and protection happens for businesses and individuals, so watch this space.

In the meantime, talk to us, and let’s tailor a data protection plan for your business.

Talk to us about POPIA

We are taking all necessary precautions around the COVID-19 situation. Our offices are closed and our team members have each been set up to work remotely in self-isolation at home. As far as possible IronTree will maintain business as usual. All our resources such as server platforms, transactional capacity, telephony and electronic communications, including video meeting facilities, have been configured in the cloud and are 100% operational. Please feel free to contact us if you require our assistance. Stay safe!
One of our team members will be happy to help answer any questions you have!
Just click the chat icon in the right-hand corner.