Johannesburg – The SA Banking Risk Information Centre (Sabric) confirmed yesterday that the credit bureau Experian suffered a data attack that “has exposed some personal information of as many as 24 million South Africans and nearly 800,000 business entities”.
According to the risk centre, Experian confirmed the breach, which has been reported to law enforcement in order to identify the perpetrator. They are also working with Experian on ways to ensure the breached data is not used in fraudulent schemes.
It added that the affected banks would speak to customers about how they may be affected by the breach and what is being done.
However, news of Experian locating and deleting the files of the alleged hacker sufficed on news networks, a move that customers who are affected, and those who continue to receive anonymous calls and fraudulent emails claim is a PR stunt to make people feel safe again.
Amanda Gavendor, who is a manager of one of the affected companies, said she is very disappointed ” I am so disappointed that such a company would not issue a detailed press statement with more information pertaining to the perpetrators or send out a proper communication through the bank to affected parties”.
She says this is a PR attempt to put people at ease ” if they want to work at recovering or confiscating our data they should do that but they must not use PR stunts, that is unethical if they destroyed the data, why are we still receiving calls and emails? meaning our data is still out there”
In response to the breach, banks have told their customers to take various security measures – such as changing passwords and registering with South Africa’s fraud prevention services.
Most banks recommends the following measures to keep safe:
- It is vitally important that you never give your Online Banking username and/or password to anyone.
- Never give your One Time PIN (OTP) to anyone.
- Never click on links in emails claiming to be from banks (we never send links in our correspondence).
- Always type in www.bankname.co.za in your browser.
- Be cautious of company names with web-based email addresses, e.g., email@example.com, @hotmail.com, @gmail.com, @ymail.com.
- Review your transactions regularly.
- Don’t expect to be selected as a winner if you haven’t participated in the lottery or other competitions.
- Never save your passwords to your browsers
South Africans who suspect their identity had been compromised, were urged to apply immediately for free identity protection with the Southern African Fraud Preventions Services (SAFPS).
This service alerts SAFPS members, which includes banks and credit providers, that your identity was compromised, and that additional care needs to be taken to confirm that they are transacting with the legitimate identity holder.
Consumers wanting to apply for additional protection can contact SAFPS at firstname.lastname@example.org, or SMS the word “Protectid” to 43366.