Experian data breach: Suspect identified, hardware impounded, personal info secured
As you may have heard in the news during the week, there was a security breach at Experian, one of the largest consumer and business data management companies. It was stated that large amounts of data was compromised, including names and contact details of those in the database.
It has since been announced that the culprit has been identified and the stolen data has been secured.
You are however urged to remain vigilant as the data may already be in the wrong hands and there is no prize for guessing what they will do or attempt to do with it. Some of the ways you can try to protect yourself is by not sharing personal information (Identification details, addresses, passwords and PINs) online or telephonically unless you are able to authenticate the person or organisation contacting you.
Avoid following links on emails purporting to be from, among others, banks, SARS, etc.
You may even receive emails that look to be from your work server (domain and all), please apply your mind before carrying any instructions.
You cannot be too careful with this as even if you are not sharing your data, customers, suppliers, employers etc do share data and it is inevitable that a third party will have access to it, so the best you can do is be vigilant.
Below is an informative article on this event, please take time to read as it provides security recommendations.
JOHANNESBURG – Experian South Africa said it had identified the suspect in the data breach reported on Wednesday and confirmed that was successful in obtaining and executing an Anton Piller order which resulted in the individual’s hardware being impounded and the misappropriated data being secured and deleted.
“We are continuing the legal process in this regard, including coordination with law enforcement and relevant authorities,” the consumer, business and credit information services agency said.
Experian said it was continuing to investigate and the investigations indicated that an individual in South Africa, purporting to represent a legitimate client, fraudulently requested services from Experian. The services involved the release of information which is provided in the ordinary course of business or which is publicly available.
The company said the South Africa bureau’s infrastructure, systems and database had not been compromised.
“We can confirm that no consumer credit or consumer financial information was obtained. Our investigations do not indicate that any misappropriated data has been used for fraudulent purposes. Our investigations also show that the suspect had intended to use the data to create marketing leads to offer insurance and credit-related services.
“Furthermore, upon discovering the incident, Experian South Africa notified the National Credit Regulator and the Information Regulator of the incident. We have also been engaged with BASA, SABRIC and the prudential authority at the SARB,” it said.
Experian Africa chief executive Ferdie Pieterse said: “I would like to apologise for the inconvenience caused to any affected parties. Our first priority is to help and support consumers and businesses in South Africa.
“As a precaution, we advise anyone who may have concerns to regularly check their credit report. You can do this by visiting www.mycreditcheck.co.za where you can access your personal credit report for free, for life.”
Standard Bank said it was aware that Experian South Africa was investigating an external credit bureau incident in which some of its client demographic information was fraudulently provided to a third party posing as a legitimate client of Experian.
“We are working closely with Experian, the South African Banking Risk Information Centre (SABRIC), the Banking Association of South Africa (BASA) and the Southern African Fraud Prevention Service (SAFPS) to give this investigation the support and urgency it deserves.
“We have proactively stepped up our authentication processes and our fraud prevention and detection strategies to protect our clients. As our measures are security-sensitive, we are unfortunately not able to divulge more details. We understand the anxiety that this will cause for our clients and wish to assure them that we are doing everything possible to protect them during this difficult time,” said Standard Bank.
The lender advised clients to do the following:
⦁Change banking passwords on our digital banking platforms and social media passwords
⦁For personal clients, register for DigiMe on the Standard Bank App
⦁Register for MyUpdates (free Standard bank SMS service) to be notified of all transactions over R100 on your accounts
⦁Contact the bank or your relationship manager immediately if you suspect your bank account(s) or card(s) have been compromised
⦁Do not share your personal details, banking details or one-time pin with anyone
⦁Register with SAFPS for protective registration – if anyone tries to apply for banking products with your ID, it will be declined or referred for further review. To do this go to https://www.safps.org.za/Home/OurServices_ApplyProtectiveRegistration\
Standard Bank said understandably, concerned clients would want to know how their personal and business information was shared with Experian.
“Banks are required to submit to and obtain data from the credit bureaus. This is stipulated in the National Credit Act in instances which require a credit provider to check a consumer’s debt agreement history.
“Experian is one of the credit reporting partners to the financial services industry in South Africa to help institutions in making credit and loan decisions. Credit bureaus receive information from all creditors, as well as information from public records, such as property, court and Companies and Intellectual Property Commission records,” said the lender.
Standard Bank reassure clients and staff that it was treating this incident, and the investigation surrounding it, with the utmost priority and attention while working closely with Experian, SABRIC, SAFPS and BASA.