Skip to main content

Data from SA’s massive info breach is ‘on the internet’, Experian now admits

| Crime and security

Information apparently drawn from a massive leak of its data is "on the internet", credit bureau Experian admitted on Tuesday night.

To date the company has insisted it had contained the breach, after handing over data on millions of South Africans, and bank account details of businesses, to someone it describes as a fraudster.

 

Now it says it will work to stop the further spread of the information.

As part of its investigation, "we have identified files which we believe contain Experian data relating to the incident on the internet," Experian said in a statement.

"We continue to investigate these files and will take all steps available to us to reduce further dissemination if possible."

It also claimed – in direct contradiction to a timeline it has confirmed – to have taken "immediate steps to make sure that individuals and businesses in South Africa could take steps to protect themselves" once it became aware of the breach.

Experian announced the breach publicly in August, and banks started to issue warnings to their customers that the leaked information may be used to scam them.

What the company failed to mention, until questioned by Business Insider South Africa, was that it had handed over the information in late May, and noticed it had done so nearly two months later, in July.

It took nearly another month to investigate and obtain a private seizure order to recover the hardware on which the data had been stored.

Only after that did Experian tell consumers about the breach. 

Having seized the hardware, the company said, it had contained the incident.

"We have been monitoring the various platforms (i.e. the dark web) to ascertain whether the data is being offered for sale. We also employed a leading digital forensic investigator to assist us with our efforts," Experian said, when Business Insider asked how it knew the information had not been sold or distributed in the nearly three months it was with the "fraudster".

"Also, from our internal investigations we ascertained that the fraudster conducts an insurance and credit services market place and uses the information to contact consumers in order to offer services to consumers."

Experian has not said how it initially failed to detect the spread of the information, or exactly how it intends to contain the data this time around.

 

Pin It

Related Articles

Steps to stop shoplifting in your business

By: News24 The police have noted with concern a recent spate of shoplifting incidents. Shop owners and assistants are urged to adhere to the following safety hints.

Beware of scam artists during the festive seaso...

The National Consumer Commission (NCC) says it has noticed a spike in schemes and scams that leave South Africans out of pocket, including con artists impersonating companies, investment and financial scams and pyramid schemes.

Shoprite crackdown: Criminals get 24 life sente...

By:  Nick Wilson – News24 Shoprite, SA’s largest retailer, says it has dealt a major blow against crime over the past three years, securing over 1 700 years of prison time – including 24 life sentences – for criminals.

Top scams to watch out for as you enjoy this ye...

Despite the continued reports about the tough economic environment facing South African consumers and the fact that disposable income is steadily decreasing, South Africans are still enjoying Black Friday sales.

South Africans play a greater role in becoming ...

The South African fraud landscape is becoming increasingly risky as fraudsters and scammers look to target individuals with highly sophisticated scams in an environment where it is becoming increasingly difficult for lawmakers and authorities to b...