Skip to main content

Data from SA’s massive info breach is ‘on the internet’, Experian now admits

| Crime and security

Information apparently drawn from a massive leak of its data is "on the internet", credit bureau Experian admitted on Tuesday night.

To date the company has insisted it had contained the breach, after handing over data on millions of South Africans, and bank account details of businesses, to someone it describes as a fraudster.

 

Now it says it will work to stop the further spread of the information.

As part of its investigation, "we have identified files which we believe contain Experian data relating to the incident on the internet," Experian said in a statement.

"We continue to investigate these files and will take all steps available to us to reduce further dissemination if possible."

It also claimed – in direct contradiction to a timeline it has confirmed – to have taken "immediate steps to make sure that individuals and businesses in South Africa could take steps to protect themselves" once it became aware of the breach.

Experian announced the breach publicly in August, and banks started to issue warnings to their customers that the leaked information may be used to scam them.

What the company failed to mention, until questioned by Business Insider South Africa, was that it had handed over the information in late May, and noticed it had done so nearly two months later, in July.

It took nearly another month to investigate and obtain a private seizure order to recover the hardware on which the data had been stored.

Only after that did Experian tell consumers about the breach. 

Having seized the hardware, the company said, it had contained the incident.

"We have been monitoring the various platforms (i.e. the dark web) to ascertain whether the data is being offered for sale. We also employed a leading digital forensic investigator to assist us with our efforts," Experian said, when Business Insider asked how it knew the information had not been sold or distributed in the nearly three months it was with the "fraudster".

"Also, from our internal investigations we ascertained that the fraudster conducts an insurance and credit services market place and uses the information to contact consumers in order to offer services to consumers."

Experian has not said how it initially failed to detect the spread of the information, or exactly how it intends to contain the data this time around.

 

Pin It
Whatsapp
Back to Homepage

Related Articles

How to spot common phone scams and protect yourse…

By: Mercury Reporter - IOL As it is International Fraud Awareness Week (November 16-22), the Southern African Fraud Prevention Service (SAFPS) is urging people to beware of sophisticated phone-based scams.
Read Full Article

How criminals can drain your bank account

South Africans are being warned to take extra precautions with their smartphones, as thieves are increasingly using stolen devices to access victims’ bank accounts and personal data.
Read Full Article

Woolworths issues alert as fraud surge hits South…

Woolworths Financial Services has cautioned its customers about a sharp increase in fraud-related crimes, warning shoppers to be extra careful as scammers adopt increasingly advanced methods.
Read Full Article

South African banks grapple with surge in sophist…

Several of South Africa’s largest financial institutions are sounding the alarm over a growing wave of scams targeting their customers, as fraudsters deploy increasingly clever tactics to steal money and personal data.
Read Full Article

Retailers must tighten cybersecurity as omnichann…

By: Ashley Lechman- IOL Business Report In an age where customer experience reigns supreme, South African retailers are increasingly adopting omnichannel strategies to capture the attention and loyalty of consumers.
Read Full Article