Skip to main content

Data from SA’s massive info breach is ‘on the internet’, Experian now admits

| Africa

Information apparently drawn from a massive leak of its data is "on the internet", credit bureau Experian admitted on Tuesday night.Data breach


Staff Writer | Business Insider SA

To date the company has insisted it had contained the breach, after handing over data on millions of South Africans, and bank account details of businesses, to someone it describes as a fraudster.

Now it says it will work to stop the further spread of the information.

As part of its investigation, "we have identified files which we believe contain Experian data relating to the incident on the internet," Experian said in a statement.

"We continue to investigate these files and will take all steps available to us to reduce further dissemination if possible."

It also claimed – in direct contradiction to a timeline it has confirmed – to have taken "immediate steps to make sure that individuals and businesses in South Africa could take steps to protect themselves" once it became aware of the breach.

Experian announced the breach publicly in August, and banks started to issue warnings to their customers that the leaked information may be used to scam them.

What the company failed to mention, until questioned by Business Insider South Africa, was that it had handed over the information in late May, and noticed it had done so nearly two months later, in July.

It took nearly another month to investigate and obtain a private seizure order to recover the hardware on which the data had been stored.

Only after that did Experian tell consumers about the breach. 

Having seized the hardware, the company said, it had contained the incident.

"We have been monitoring the various platforms (i.e. the dark web) to ascertain whether the data is being offered for sale. We also employed a leading digital forensic investigator to assist us with our efforts," Experian said, when Business Insider asked how it knew the information had not been sold or distributed in the nearly three months it was with the "fraudster".

"Also, from our internal investigations we ascertained that the fraudster conducts an insurance and credit services market place and uses the information to contact consumers in order to offer services to consumers."

Experian has not said how it initially failed to detect the spread of the information, or exactly how it intends to contain the data this time around.

Pin It

Related Articles

Massmart said it would pay R650 million out of its own pocket after the looting in KwaZulu-Natal and parts of Gauteng in July was not fully recovered from its insurance cover. Dineo Faku | IOL Massmart, owners of Game, Makro and Builders Wareho...
South Africa’s leading beauty, health and lifestyle retailer Clicks yesterday dimmed its earnings forecast as sales in the last seven weeks of the financial year ended August 2021 were significantly impacted by the civil unrest in KwaZulu-Natal (K...
Africa Trade Week, owned and operated by dmg Events in South Africa, announces that its 2021 edition will take place entirely online from 23 – 25 August 2021.
President Cyril Ramaphosa has unveiled plans to assist businesses caught up in the recent unrest in KwaZulu-Natal and Gauteng, and those SMMEs that have been affected by the Covid-19 pandemic that has ravaged the country’s economy.
The Road Freight Association (RFA) is dismayed and gravely concerned about the cyber-attack on Transnet. This is creating massive delays and creating unreliability of the movement of goods across all modes of transport – with road freight bearing ...