Credit bureau Experian’s data systems were breached by a suspected fraudster who appears to have made off with the personal information of 24 million South Africans.
The company confirmed the breach on Wednesday, saying that it was working with law enforcement and regulatory authorities to minimise the impact.
Accountants should alert their clients to this data breach and warn them not to disclose their confidential banking information to anyone.
Curiously, this data breach arises just as the Protection of Personal Information (POPI) Act has come into force, carrying hefty fines.
Banks are expected to communicate with their customers to explain how to protect their personal information. The South African Banking Risk Centre (SABRIC) has issued a statement advising banking clients on steps to take to secure their personal information. The breach of data potentially allows criminals to impersonate banking customers, but this does not automatically mean they have access to banking accounts unless customers are tricked into disclosing confidential banking information.
SABRIC’s statement advises the following precautionary steps:
- Do not disclose personal information such as passwords and PINs when asked to do so by anyone via telephone, fax, text messages or even email.
- Change your password regularly and never share them with anyone else.
- Verify all requests for personal information and only provide it when there is a legitimate reason to do so.
- For further advice, please see www.safps.org.za
African Bank has confirmed that sone of its customers’ data has been stolen from the Experian platform. “The breach of data means that certain customers’ personal information, including the likes of identity numbers, cell numbers etc. has been compromised. The compromise of personal information can create opportunities for criminals to impersonate an individual but does not provide access to a customers’ banking account or details,” says African Bank in a statement..
Chief Risk Officer of African Bank, Piet Swanepoel noted, “This breach of personal information does impact our credit customers because we have to, by law disclose all details of customers who have credit with us to three credit bureaus, one of which is the Experian credit bureau.”
Swanepoel says it is important to note that its customer’s banking credentials have NOT been breached, “so fraudsters will not be able to access any of our customers’ banking details. We have in any event enhanced our security measures to protect our customers.”
Customers are advised to monitor their accounts and always report suspicious behaviour, should they see any. Customers can call African Bank on 0861 111 011 should they need to alert the bank to any suspicious activity on their account.
Banks are warning customers to remain aware that fraudsters can impersonate a bank and contact customers and pretend to be their bank since they may know their ID and their cell numbers”.
Swanepoel advises all banking customers to remain vigilant against possible fraud and to:
“Never disclose usernames, passwords, PINs or One Time Pins (OTPs) when asked to do so by anyone via telephone, fax, text messages or even email, no matter how believable they are. African Bank will NEVER ask this information of you.”
Change your passwords regularly and never share them with anyone.