Financial Mail and Business Day

African Bank client data leaked

Garth Theunissen and Mudiwa Gavaza

One of African Bank’s debt collection service providers, Debt-IN, has suffered a data breach that compromised the personal information of several of its customers. Debt-IN was targeted by cybercriminals in April 2021.

One of African Bank’s debt collection service providers, DebtIN, has suffered a data breach that has compromised the personal information of several of its customers.

Debt-IN was targeted by cybercriminals in April 2021 but expert security advice received at the time indicated there was no evidence that the ransomware attack had resulted in a data breach, African Bank said on Wednesday. However, DebtIN has subsequently realised that the personal data of certain customers, including a number of African Bank loan customers who are under debt review, had been compromised.

Ransomware attacks involve hacking a company’s systems, stealing data and threatening to release that data unless a ransom is paid. In some cases, attackers take control of systems that can stop a business from operating until money is paid.

Debt-IN was confident that no data shared after April 1 2021 had been compromised, though a “robust mitigation plan” had been implemented by the debt recovery company to contain any further adverse effects on clients, according to the African Bank statement.

“We have been collaborating with Debt-IN to address this breach,” said Piet Swanepoel, chief risk officer of African Bank. “We have notified the relevant regulatory authorities and are alerting customers who have been affected.”

Debt-IN, which provides professional debt recovery solutions to a number of local financial services operators, said it suspected that consumer and personal information of more than 1.4-million South Africans was illegally accessed from its servers, though the breach only came to light last week.

It had been discovered that “confidential consumer data and voice recordings of calls between Debt-IN debt recovery agents and financial services customers” had been posted on hidden internet sites that are accessible only by a specialised web browser.

Cybercriminals have in recent years launched attacks on various SA companies including insurance groups Liberty and Old Mutual. In August 2020, Experian SA, a consumer credit reporting company, suffered a data breach that exposed the personal information of as many as 24-million people and 800,000 businesses.

State-owned ports operator Transnet declared force majeure in July after its container terminals at the Durban, Ngqura, Port Elizabeth and Cape Town harbours were disrupted by cyberattacks.

The global Cyber Exposure Index ranks SA sixth on its list of most-targeted countries for cyberattacks, an online threat that escalated in the Covid-19 pandemic when more people shifted their spending online and worked remotely.

African Bank said its fraud prevention team had enhanced security measures to protect its customers, but urged the public to remain vigilant against fraudulent attempts to access personal information such as usernames, passwords and onetime pins.

“If you detect any suspicious activity, or feel that your information has been compromised, you can apply for a free protective registration listing with the Southern African Fraud Prevention Services,” said Swanepoel. “This will alert banks and credit providers that an identity has been compromised.”

African Bank customers who suspected fraudulent activity on their accounts should contact the lender immediately, he said.

WE HAVE NOTIFIED THE REGULATORY AUTHORITIES AND ARE ALERTING CUSTOMERS WHO HAVE BEEN AFFECTED

Piet Swanepoel African Bank chief risk officer

FRONT PAGE

en-za

2021-09-23T07:00:00.0000000Z

2021-09-23T07:00:00.0000000Z

https://timesmedia2.pressreader.com/article/281535114133290

Arena Holdings PTY