Experian Breach May Have Hit Millions in South Africa

Experian Breach May Have Hit Millions in South Africa

It has almost become commonplace to hear about cybersecurity attacks that result in system breaches. From individuals to corporations, everything from ransomware to network rifts, even those that have made attempts to protect personal and proprietary information have suffered by perpetrators. Given the high level of attention that global company communities have had towards cybercriminals, it is astounding that an organisation such as Experian experienced on August 19 2020!  The effects of this massive breach have been a major “red flag” to the harm that could have happened.

According to Experian, the problem began when an individual in South Africa identified themselves as one of their legitimate clients. The individual requested data and information collected by Experience that is publicly available and often provided as part of the course of business. Once Experian realized that the individual was misidentified, they caught the individual and got a court order that resulted in the data being removed from the devices owned by the individual.  Although not confirmed by Experian, reports derived from SABRIC (South African Banking Risk Centre) has suggested that the number of South Africans that could have been affected are as many as 794,000 businesses and 24 million citizens.

Experian reported that no consumer financial or credit data was included in the batch supplied. Information from the offender indicated that the data received was allegedly only intended for the use of credit-related and insurance marketing leads. Experian has continued in their research and has stated that their investigations show that none of the data has been used for purposes that are fraudulent.

Experian reassures clients

Experian has reassured both individuals and businesses that all of the data was removed from the criminal’s devices, although some of the data has been discovered online. Local media has found information such as email addresses, government-issued ID numbers, phone numbers and other miscellaneous details that are personal and available for download on the WeSendIt Swiss website. All of these files are publicly accessible to anyone. It has been reported by the Sunday Times that regulators in South Africa are currently working with Swiss authorities in attempts to stop the continued spread of the information that was leaked.

It was confirmed by the South African Information Regulator chair, Pansy Tlakula, that the leak was revealed t by a whistleblower. Experian later confirmed the data breach. Tlakula indicated that they are continuing their investigation and will not let this go. While all information is being reviewed, the regulatory body is specifically focusing on whether any banking details were allowed for online exposure.

Experian have conducted themselves with absolute accountability and complied in all aspects with all legal prescripts.

Experian is one of the four main South African credit reporting bureaus that include: Experian, TransUnion, Compuscan, and XDS.

“DaVinci Forensics works with companies to assist in maintaining high-level security protocols and online reputations. Today’s businesses are incorporating research teams to ensure that their proprietary information is not exposed on the internet.”

– Sharon Knowles, CEO DaVinci Forensics

Source: portswigger.net/daily-swig/experian-south-africa-data-breach-may-impact-millions-of-residents