BOOK THIS SPACE FOR AD
ARTICLE ADJessica Haworth 20 August 2020 at 12:03 UTC
Credit reporting agency handed data to fraudsters claiming to represent ‘legitimate client’
Experian South Africa has warned of a data breach after an unnamed fraudster obtained information on the country’s residents by posing as a client.
In a statement issued by the credit monitoring agency yesterday (August 19), Experian said it had identified the offender, who allegedly intended to use the data to create insurance and credit-related marketing leads.
A successful court order resulted in the data being deleted from the individual’s devices, Experian said.
“Our investigations indicate that an individual in South Africa, purporting to represent a legitimate client, fraudulently requested services from Experian,” the statement reads.
“The services involved the release of information which is provided in the ordinary course of business or which is publicly available.”
Read more of the latest data breach news
According to Experian, no consumer credit or consumer financial data was compromised.
The agency also said its investigations “do not indicate” that any data has been used for fraudulent purposes.
Experian did not confirm how many people were potentially impacted by the incident, but reports from the South African Banking Risk Centre (SABRIC) suggested that as many as 24 million citizens and 794,000 businesses could have been affected.
The Daily Swig has reached out to both Experian South Africa and SABRIC for comment and will update this article accordingly.
Staff (awareness) shortage
Javvad Malik, security awareness advocate at KnowBe4, said: “Having robust technical security controls in place is essential for all organizations today.
“But in addition, it is equally important for organizations to have procedures that support security, and ensure all staff receive appropriate security awareness training.
“We continue to see more and more high-profile attacks take place with social engineering attacks – whether that be to get an employee to hand over credentials, set up a new payment, or send sensitive data.
“We will likely see more organizations targeted by social engineers, and therefore investing in staff is of paramount importance.”
READ MORE South African healthcare provider hit by cyber-attack