Experian, a consumer, business and credit information services agency has experienced a breach of data which has exposed some personal information of as many as 24 million South Africans and 793 749 business entities to a suspected fraudster.
Experian has confirmed that the breach has been reported to law enforcement and the appropriate regulatory authorities. Banks have been working with Experian and South African Banking Risk Centre (SABRIC) to identify which of their customers may have been exposed to the breach and to protect their personal information, even as the investigation unfolds. Banks and SABRIC have also been co-operating with Experian in their efforts to secure the data and ensure the perpetrators are brought to book.
“The compromise of personal information can create opportunities for criminals to impersonate you but does not guarantee access to your banking profile or accounts. However, criminals can use this information to trick you into disclosing your confidential banking details,” says SABRIC CEO, Nischal Mewalall.
Commenting on the breach, Experian South Africa noted it is continuing to investigate the incident. “Our investigations indicate that an individual in South Africa, purporting to represent a legitimate client, fraudulently requested services from Experian. The services involved the release of information which is provided in the ordinary course of business or which is publicly available.
“We can confirm that no consumer credit or consumer financial information was obtained. Our investigations do not indicate that any misappropriated data has been used for fraudulent purposes. Our investigations also show that the suspect had intended to use the data to create marketing leads to offer insurance and credit-related services.”
The company continued that the suspect was identified and that it was successful in obtaining and executing an Anton Piller order which resulted in the individual’s hardware being impounded and the misappropriated data being secured and deleted.
“We are continuing the legal process in this regard, including co-ordination with law enforcement and relevant authorities,” the company continued.
Experian Africa CEO Ferdie Pieterse added, “I would like to apologise for the inconvenience caused to any affected parties. Our first priority is to help and support consumers and businesses in South Africa.”
Protecting yourself
As a precaution, Experian also advises anyone who may have concerns to regularly check their credit report by visiting www.mycreditcheck.co.za where they can access their personal credit report for free, for life.
SABRIC adds: Should you suspect that your identity has been compromised, apply immediately for a free Protective Registration listing with Southern Africa Fraud Prevention Service (SAFPS). This service alerts SAFPS members, which includes banks and credit providers, that your identity has been compromised and that additional care needs to be taken to confirm that they are transacting with the legitimate identity holder. Consumers wanting to apply for a Protective Registration can contact SAFPS at [email protected]
Maher Yamout, senior security researcher at Kaspersky, has the following advice: “Such type of threats can jeopardise users’ personal information and make them subject to online identity theft and phishing attacks. With all of this personal data being exposed, it is a safe bet that scammers will look to use this information to their benefit. We urge all users who think they might have been affected to stay vigilant and careful online. When reading emails, social media posts, or even getting SMS, make sure that the sender is who they say they are and keep an eye out for phishing emails.
“We also advise users to change their passwords and never use the same password for multiple accounts because if one account is jeopardised, criminals might gain access to your other accounts.
“Lastly, affected users should assess the type of personal information leaked and try to replace it whenever possible to avoid potential risks (for example, if passport copy is leaked, try to replace it with a new one). There are some quick wins you can do to proactively monitor your identity both online and off:”
SABRIC and SAFPS urges bank customers and other consumers to follow sound identity management practices to mitigate the risk of impersonation and fraudulent applications in your name. “Think of your identity information in the same way as you think of cash,” explains Manie van Schalkwyk, SAFPS CEO, “Keep it safe and secure at all times, because once it is compromised, it can be used by anybody.”
It is also recommended that bank customers follow precautionary measures, including:
• Do not disclose personal information such as passwords and PINs when asked to do so by anyone via telephone, fax, text messages or even email.
• Change your password regularly and never share them with anyone else.
• Verify all requests for personal information and only provide it when there is a legitimate reason to do so.
Echoing the above, Kaspersky advises the following:
• Monitor banking accounts. This may seem like a no-brainer, but you should keep a regular eye on your banking and credit card accounts. If you see transactions that you do not recognise, contact your banking institute to dispute them.
• Enable SMS alerts. If you want to make sure that you’re up to the minute with your banking, you can set up SMS alerts when transactions are made. If you do not recognise one, you can contact the bank immediately as opposed to seeing this online a few days later.
• Sign up for an identity theft monitoring service. There are countless services out there that can help secure your online and real world identity. This type of service could be useful if you are impacted or are afraid that you may have been.
• Be vigilant online. Be careful with sharing your information online and stay alert for any email or message you receive. Tips on avoiding phishing can be found at https://www.kaspersky.com/resource-center/preemptive-safety/phishing-prevention-tips
• If you are a business, be aware that social engineering is one of the most common attack vectors nowadays. Consider using Kaspersky ASAP (https://asap.kaspersky.com/en/) or similar training to introduce your employees to the basics of cybersecurity hygiene.
© Technews Publishing (Pty) Ltd. | All Rights Reserved.
printer friendly version