Experian data breach

1 August 2020 News & Events

Experian, a consumer, business and credit information services agency has experienced a breach of data which has exposed some personal information of as many as 24 million South Africans and 793 749 business entities to a suspected fraudster.

Experian has confirmed that the breach has been reported to law enforcement and the appropriate regulatory authorities. Banks have been working with Experian and South African Banking Risk Centre (SABRIC) to identify which of their customers may have been exposed to the breach and to protect their personal information, even as the investigation unfolds. Banks and SABRIC have also been co-operating with Experian in their efforts to secure the data and ensure the perpetrators are brought to book.

“The compromise of personal information can create opportunities for criminals to impersonate you but does not guarantee access to your banking profile or accounts. However, criminals can use this information to trick you into disclosing your confidential banking details,” says SABRIC CEO, Nischal Mewalall.

Commenting on the breach, Experian South Africa noted it is continuing to investigate the incident. “Our investigations indicate that an individual in South Africa, purporting to represent a legitimate client, fraudulently requested services from Experian. The services involved the release of information which is provided in the ordinary course of business or which is publicly available.

“We can confirm that no consumer credit or consumer financial information was obtained. Our investigations do not indicate that any misappropriated data has been used for fraudulent purposes. Our investigations also show that the suspect had intended to use the data to create marketing leads to offer insurance and credit-related services.”

The company continued that the suspect was identified and that it was successful in obtaining and executing an Anton Piller order which resulted in the individual’s hardware being impounded and the misappropriated data being secured and deleted.

“We are continuing the legal process in this regard, including co-ordination with law enforcement and relevant authorities,” the company continued.

Experian Africa CEO Ferdie Pieterse added, “I would like to apologise for the inconvenience caused to any affected parties. Our first priority is to help and support consumers and businesses in South Africa.”

Protecting yourself

As a precaution, Experian also advises anyone who may have concerns to regularly check their credit report by visiting www.mycreditcheck.co.za where they can access their personal credit report for free, for life.

SABRIC adds: Should you suspect that your identity has been compromised, apply immediately for a free Protective Registration listing with Southern Africa Fraud Prevention Service (SAFPS). This service alerts SAFPS members, which includes banks and credit providers, that your identity has been compromised and that additional care needs to be taken to confirm that they are transacting with the legitimate identity holder. Consumers wanting to apply for a Protective Registration can contact SAFPS at [email protected]

Maher Yamout, senior security researcher at Kaspersky, has the following advice: “Such type of threats can jeopardise users’ personal information and make them subject to online identity theft and phishing attacks. With all of this personal data being exposed, it is a safe bet that scammers will look to use this information to their benefit. We urge all users who think they might have been affected to stay vigilant and careful online. When reading emails, social media posts, or even getting SMS, make sure that the sender is who they say they are and keep an eye out for phishing emails.

“We also advise users to change their passwords and never use the same password for multiple accounts because if one account is jeopardised, criminals might gain access to your other accounts.

“Lastly, affected users should assess the type of personal information leaked and try to replace it whenever possible to avoid potential risks (for example, if passport copy is leaked, try to replace it with a new one). There are some quick wins you can do to proactively monitor your identity both online and off:”

SABRIC and SAFPS urges bank customers and other consumers to follow sound identity management practices to mitigate the risk of impersonation and fraudulent applications in your name. “Think of your identity information in the same way as you think of cash,” explains Manie van Schalkwyk, SAFPS CEO, “Keep it safe and secure at all times, because once it is compromised, it can be used by anybody.”

It is also recommended that bank customers follow precautionary measures, including:

• Do not disclose personal information such as passwords and PINs when asked to do so by anyone via telephone, fax, text messages or even email.

• Change your password regularly and never share them with anyone else.

• Verify all requests for personal information and only provide it when there is a legitimate reason to do so.

Echoing the above, Kaspersky advises the following:

• Monitor banking accounts. This may seem like a no-brainer, but you should keep a regular eye on your banking and credit card accounts. If you see transactions that you do not recognise, contact your banking institute to dispute them.

• Enable SMS alerts. If you want to make sure that you’re up to the minute with your banking, you can set up SMS alerts when transactions are made. If you do not recognise one, you can contact the bank immediately as opposed to seeing this online a few days later.

• Sign up for an identity theft monitoring service. There are countless services out there that can help secure your online and real world identity. This type of service could be useful if you are impacted or are afraid that you may have been.

• Be vigilant online. Be careful with sharing your information online and stay alert for any email or message you receive. Tips on avoiding phishing can be found at https://www.kaspersky.com/resource-center/preemptive-safety/phishing-prevention-tips

• If you are a business, be aware that social engineering is one of the most common attack vectors nowadays. Consider using Kaspersky ASAP (https://asap.kaspersky.com/en/) or similar training to introduce your employees to the basics of cybersecurity hygiene.




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Highest increase in global cyberattacks in two years
Information Security News & Events
Check Point Global Research released new data on Q2 2024 cyber-attack trends, noting a 30% global increase in Q2 2024, with Africa experiencing the highest average weekly per organisation.

Read more...
From the editor's desk: A burning issue
Technews Publishing News & Events
      Welcome to the first publication from SMART Security Solutions devoted to the fire industry. In the BMI report, sponsored by the Elvey Group, released earlier this year, fire was the smallest component ...

Read more...
From the editor's desk: Keeping them out, keeping you aware
News & Events
Alarm, intrusion, and perimeter protection have been part and parcel of South African society for years. Many years ago, a home alarm consisted of wires covering one’s windows, which caused an alarm ...

Read more...
SMARTpod talks to The Risk Management Forum
SMART Security Solutions Editor's Choice News & Events Security Services & Risk Management Videos Training & Education
SMART Security Solutions recently released its first SMARTpod podcast, discussing the upcoming Risk Management Forum Conference 2024, which will be held on 26 September 2024 at the Indaba Conference Centre in Fourways, Johannesburg.

Read more...
New State of Physical Access Control Report from HID
HID Global Editor's Choice Access Control & Identity Management News & Events
HID released the 2024 State of Physical Access Control Report, identifying five key trends shaping access control's future and painting a picture of an industry that has been undergoing considerable transformation.

Read more...
Workforce Consortium to reskill 95 million people
Editor's Choice News & Events AI & Data Analytics
ICT Workforce Consortium of global leaders has come together, committing to train and upskill 95 million people over the next 10 years, as 92% of jobs analysed are expected to undergo either high or moderate transformation due to advancements in AI.

Read more...
Tech Trailblazers seeks the most innovative and diverse investors in enterprise tech
News & Events
This year, the global enterprise tech startup awards, the Tech Trailblazers, is looking for the most innovative and diverse VCs as well as its usual hunt for groundbreaking tech start-ups.

Read more...
ONVIF standards drive growth in physical security market
News & Events
ONVIF has announced that more than 30 000 product models in the $120  billion global physical security market meet the ONVIF conformance requirements for interoperability.

Read more...
Western Digital reveals new solutions
Products & Solutions News & Events Infrastructure
Western Digital unveiled new solutions and technology demonstrations at the Future of Memory and Storage Conference 2024. The innovations cater to diverse market segments, from hyperscale cloud to automotive and consumer storage.

Read more...
Challenges in SMME financing and support
News & Events Financial (Industry)
In a step towards empowering small, medium, and micro enterprises (SMMEs), a recent forum was held in KwaZulu-Natal aimed at developing and growing SMMEs through public-private collaboration.

Read more...