Tag: data breach

By Penelope Mashego for Fin24

Pharmacy retailer Dis-Chem has launched an investigation into a data hack at one of its third-party service providers that resulted in an “unauthorised person” accessing the personal details of customers.

In a notice on Wednesday, Dis-Chem said its investigation so far showed that the hacker gained access to first names, surnames, email addresses and cellphone numbers belonging to more than 3.6-million people.

The retailer said it was informed about the breach – which took place in April – at the beginning of this month. It has since taken steps to establish the scope of the breach and restore the “integrity” of its operating system.

“Please note there is currently no indication that any personal information has been published or misused as a result of the incident. However, we cannot guarantee that this position will remain the same in future,” Dis-Chem cautioned.

The retailer added that it was continuing to monitor for any publication of the personal information accessed in the breach.

“While investigations into the incident are still ongoing, the operator has confirmed it has deployed additional safeguards in order to ensure protection and security of information on the database,” Dis-Chem said.

Dis-Chem also asked those possibly affected by the breach to be vigilant by:

  • Not clicking on suspicious links;
  • Not sharing passwords or PINs;
  • Changing passwords often;
  • Having regular anti-virus and malware scans on their devices; and
  • Providing personal information only when there is a legitimate reason.

TransUnion hacked and held to ransom

Source: Fin24

Credit bureau TransUnion has been hacked and has received a demand for ransom, it said in a statement.

The hackers, who described themselves as a “criminal third party”, gained access to the bureau’s server by misusing an authorised client’s credentials, according to the statement.

“We have received an extortion demand and it will not be paid,” TransUnion said.

The Southern African Fraud Prevention Service (SAFPS) said it appears that TransUnion is battling to retrieve the compromised data from the hackers. TransUnion has not yet confirmed or denied this directly to Fin24.

But the company said it is working with law enforcement and regulators. Its investigation is ongoing, and as it progresses, TransUnion SA will notify and assist those whose personal data may have been affected.

According to TransUnion, it immediately suspended the compromised client’s access, engaged cybersecurity and forensic experts, and began investigating. It is working with law enforcement, it said.

It also took some of its services offline, but these have since resumed.

“We believe the incident impacted an isolated server holding limited data from our South African business. We are working with law enforcement and regulators,” it said.

“We are engaging clients in South Africa about this incident. As our investigation progresses, we will notify and assist individuals whose personal data may have been affected.

“We will be making identity protection products available to impacted consumers free of charge,” TransUnion added.

CEO Lee Naik added that protecting client data was TransUnion’s “top priority”.

“We understand that situations like this can be unsettling and TransUnion South Africa remains committed to assisting anyone whose information may have been affected,” said Naik.

Technology site ITWeb earlier reported that the hacker group was going by the name N4aughtysecTU and claimed to come from Brazil. Speaking to ITWeb via Telegram, the hacker group reportedly said it had 4 terabytes of client information and had accessed some 54 million records, including data from over 200 corporates.

The group allegedly threatened to attack TransUnion’s corporate clients if the bureau didn’t cough up. According to ITWeb it wants $15 million (~R223 million) in Bitcoin.

Rising data breach incidents in SA

SAFPS CEO Manie van Schalkwyk said records of 54 million South Africans might have been compromised.

“This alarming news is further indication that every company that holds personal information is a potential target. The consumer desperately needs an extra layer of protection on their identity against criminals who will turn their lives upside down without a second thought,” said SAFPS CEO Manie van Schalkwyk.

SAFPS said cyberattacks and data breaches targeting SA companies have escalated over the past two years.

In 2020, another credit bureau, Experian, suffered a data breach, which potentially exposed the information of 24 million South Africans. In 2021, Debt-IN Consultants, a debt recovery partner to many South African financial services institutions, suffered a ransomware attack. It is estimated that the personal information of more than 1.4 million South Africans was illegally accessed from its servers.

Banks have not been spared either. Absa announced a data leak in November 2020, and it has been identifying more impacted customers this year, almost a year-and-a-half after the incident. Standard Bank also identified a data breach on its LookSee platform in November last year.

“Data breaches have been on the rise globally, and South Africa has seen unprecedented increases in the number of cyber victims,” said Dalene Deale, the executive head of Secure Citizen, which was created through a collaboration with SAFPS and OneVault to identity theft following online fraud.

Deale said this increase in data breaches means that fraudsters are now armed with more of the correct information, enabling them to impersonate individuals.

SAFPS said when records of more than 20 million consumers were compromised at another credit bureau – possibly Experian – it saw impersonation rise by more than 300%.

Hawks arrest Experian breach suspect

Source: ITWeb

The Hawks’ Serious Commercial Crime Investigation unit has arrested a 36-year-old suspect in Gauteng for his alleged involvement in last year’s Experian data breach.

Last August, credit bureau Experian suffered a data breach that exposed the personal information of as many as 24 million South Africans and 793 749 business entities to a suspected fraudster.

In a statement released today, the Hawks says Experian is believed to have entered into a contract with the suspect who was disguised as a business owner.

“The suspect purported to be a certain Tebogo Mogashoa, a director of Talis Holdings. The agreement [with Experian] gave the person access to the personal information held by the credit bureau of millions of people. The suspect then proceeded to download approximately 23 million personal data records and 727 000 business records. The suspect then attempted to sell these records at about R4.2 million,” the Hawks statement reads.

Following the data breach incident, it emerged that some data from the credit bureau was later compromised and dumped on the Internet.

According to a report by iAfrikan, after investigations and a tip-off, the alleged Experian database was made available on the Web – on publicly viewable Web sites and forums.

Experian confirmed at the time that the files found on the Internet were identified as files which contain Experian data relating to the data breach incident, noting that it was taking all steps available to investigate the incident and reduce further dissemination of information.

By Jordan Valinsky for CNN Business

Over the weekend, cybersecurity experts revealed that about half a billion Facebook users’ personal information was breached – a treasure trove of data that includes full names, birthdays, phone numbers and their location.

Facebook said that massive leak stems from an issue in 2019, which has since been fixed. Still, there’s no clawing back that data. More than 30 million accounts in the United States were affected and the company isn’t making it easy to find out if your data was included in the breach.
But a third-party website, haveibeenpwned.com, makes it simple to check by inputting your email. For now, it just checks if your email was among those stolen.

That’s a pretty big catch: Although 533 million Facebook accounts were included in the breach, only 2.5-million of those included emails in the stolen data. So you’ve got less than a half-percent chance of showing up on that website, even though you’ve got about a 20% chance of being hacked if you’ve got a Facebook account.

HaveIBeenPwned creator and security expert Troy Hunt said on Twitter that he’s examining whether to add phone numbers.
“The primary value of the data is the association of phone numbers to identities; whilst each record included phone, only 2.5 million contained an email address,” Hunt’s website said.

Although this data is from 2019, it could still be of value to hackers and cyber criminals like those who engage in identity theft.
Facebook (FB) didn’t immediately respond to CNN on Monday about whether it will create a way for users to see if their information was leaked.

Source: MyBroadband

The person behind the recent Absa data breach was a credit analyst at the bank who had access to risk modelling systems and sensitive client information.

The employee, who Absa said they trusted, leaked the client data to an external platform and then sold it to third parties.

This is feedback from Absa chief security officer Sandro Bucchianeri, who was speaking to ENCA about the data breach.

Bucchianeri first learned about the data breach on 27 October, after which they informed the Information Regulator about it.

Around a month after first being alerted to the data breach, Absa sent an email to affected clients warning them that their personal information had been shared with third parties.

He said the communication with customers was delayed to ensure they did not compromise the investigation, which was going through a court process at the time.

To date, Absa has not provided much detail about the number of clients affected and the person behind the leak, but Bucchianeri has now shed more light on the issue.

He said the Absa credit analyst sold private information about their retail banking clients to third parties.

While Bucchianeri could not divulge who these third parties were, he said they were from a “marketing type perspective who were looking for that type of information”.

“They may use the information to sell services or try to commit fraud on these accounts,” he said.

This employee has subsequently been suspended pending further information. Absa has also brought criminal charges against the employee, and these are playing out in the courts now.

Bucchianeri said the information which was leaked included bank account numbers, names and surnames, ID numbers, and contact details.

He added that the details of around 200,000 of their retail banking customers have been compromised.

Absa has now destroyed the leaked data and the external party devices have gone through an independent forensic review.

“We are in the process now to obtain the files for our own investigation,” said Bucchianeri.

He said Absa may also bring charges against the third parties who had access to the leaked data.

Following the data breach, Absa has implemented heightened monitoring on the accounts of all clients whose information was leaked.

Absa suffers data breach

By Dhivana Rajgopaul for IOL

Absa has laid criminal charges against the employee behind the data breach that resulted in clients’ personal information being leaked to third parties.

“Absa has brought criminal charges against the employee, and internally the requisite consequence management has been undertaken. Absa may take further action in relation to the recipients of the data once the full scope of the leak is identified and all investigations are completed,” said the bank in a statement.

According to the bank, an employee unlawfully made customer data available to external parties.

Absa warned the affected clients through an email on November 30 which informed them their personal information had been shared with external parties.

Absa said a “small portion” of clients’ personal information was leaked, but investigations would continue.

The personal information of clients that was shared with third parties includes identity numbers, account numbers, contact details and physical address.

The bank also secured an order from the High Court to carry out search and seizure operations and secured the devices that contained the data.

According to Absa, the data on the devices was destroyed.

The bank said it would contact customers who were affected by the data breach about potentially suspicious transactions.

It has also enhanced the monitoring of customer accounts that have been affected to date as well as put in place additional control measures to minimise the risk of re-occurrence in future.

 

Source: Business Insider 

Information apparently drawn from a massive leak of its data is “on the Internet”, credit bureau Experian admitted on Tuesday night.

To date the company has insisted it had contained the breach, after handing over data on millions of South Africans, and bank account details of businesses, to someone it describes as a fraudster.

Now it says it will work to stop the further spread of the information.

As part of its investigation, “we have identified files which we believe contain Experian data relating to the incident on the internet,” Experian said in a statement.

“We continue to investigate these files and will take all steps available to us to reduce further dissemination if possible.”

It also claimed – in direct contradiction to a timeline it has confirmed – to have taken “immediate steps to make sure that individuals and businesses in South Africa could take steps to protect themselves” once it became aware of the breach.

Experian announced the breach publicly in August, and banks started to issue warnings to their customers that the leaked information may be used to scam them.

What the company failed to mention, until questioned by Business Insider South Africa, was that it had handed over the information in late May, and noticed it had done so nearly two months later, in July.

It took nearly another month to investigate and obtain a private seizure order to recover the hardware on which the data had been stored.

Only after that did Experian tell consumers about the breach.

Having seized the hardware, the company said, it had contained the incident.

“We have been monitoring the various platforms (i.e. the dark web) to ascertain whether the data is being offered for sale. We also employed a leading digital forensic investigator to assist us with our efforts,” Experian said, when Business Insider asked how it knew the information had not been sold or distributed in the nearly three months it was with the “fraudster”.

“Also, from our internal investigations we ascertained that the fraudster conducts an insurance and credit services market place and uses the information to contact consumers in order to offer services to consumers.”

Experian has not said how it initially failed to detect the spread of the information, or exactly how it intends to contain the data this time around.

 

By Phillip de Wet for Business Insider SA

South Africa’s largest ever data breach has now been contained, says credit bureau Experian, which handed over the personal details of some 24 million people to an individual it now calls a fraudster.

But it is still not clear what happened between the end of May – when Experian handed over that data – and mid August, when that containment actually took place.

On Thursday Experian confirmed that what it terms “the release” took place on 24 May and 27 May. That was when it handed over data including ID numbers, telephone numbers, and physical and e-mail addresses of more than 23 million individuals and nearly 800,000 businesses to someone who presented themselves as authorised to have that information.

As of Thursday, South Africa’s largest banks are warning affected and potentially affected customers to exercise heightened vigilance, because that information could be used in identity theft attempts, or to convince people to hand over more information.

For all of June, July, and the first two weeks of August, customers were not aware of that possibility, though, as Experian first sought to plug the leak.

This week the company said it had secured the hardware the information had been stored on via an Anton Piller, a court order that allows for search and seizure without prior warning in order to preserve evidence in civil cases.

“[W]e delayed publishing the incident due thereto that the Anton Piller is reliant on the element of surprise and we therefore could not make the incident public,” the company told Business Insider South Africa on Thursday.

Experian said it had detected the breach on 22 July – 57 days after handing over the data.

“The fraud was detected once Experian struggled to contact the representative of the company on his mobile and then attempted to make contact on the company’s landline,” the company said in response to questions. “The actual person who was impersonated confirmed that he did not have any dealings with Experian.”

It immediately started to investigate, Experian said, but needed “to ensure that we have the necessary evidence that is required to apply for the Anton Piller order.”

It actually applied for that order on 13 August, 79 days after handing over the data.

The order was fully executed by 18 August – 84 days after the breach.

On Thursday Experian said it believes “that the incident has been contained”, after it seized hardware from the suspected fraudster and the data was “secured and deleted”.

Asked why it believed the data had not been sold or otherwise passed on in three months, the company said:

“We have been monitoring the various platforms (i.e. the dark web) to ascertain whether the data is being offered for sale. We also employed a leading digital forensic investigator to assist us with our efforts.

“Also, from our internal investigations we ascertained that the fraudster conducts an insurance and credit services market place and uses the information to contact consumers in order to offer services to consumers.

“Due to the serious nature of the Anton Piller order, we are not permitted to share any details around this.”

The company also reiterated that it believes the breach was not that big a deal, as the “consumer information concerned was publicly available information”.

By Sizwe Dlamini for IOL

Consumer, business and credit information services agency Experian has experienced a breach of data which has exposed personal information of as many as 24-million South Africans and 793 749 business entities to a suspected fraudster.

Experian confirmed in a statement on Wednesday that the breach had been reported to law enforcement and the appropriate regulatory authorities.

The company handed over information to a suspected fraudster, and the suspect had already been identified and the data deleted.

It said banks had been working with Experian and South African Banking Risk Centre (SABRIC) to identify which of their customers might have been exposed to the breach and to protect their personal information, even as the investigation unfolds.

Banks and SABRIC have also been co-operating with Experian in their efforts to secure the data and ensure the perpetrators are brought to book.

SABRIC chief executive Nischal Mewalall said the compromise of personal information could create opportunities for criminals to impersonate another person but did not guarantee access to banking profile or accounts. “However, criminals can use this information to trick you into disclosing your confidential banking details.”

“Should you suspect that your identity has been compromised, apply immediately for a free Protective Registration listing with Southern Africa Fraud Prevention Service (SAFPS). This service alerts SAFPS members, which includes banks and credit providers, that your identity has been compromised and that additional care needs to be taken to confirm that they are transacting with the legitimate identity holder,” said SABRIC.

Consumers wanting to apply for a Protective Registration can contact SAFPS at protection@safps.org.za.

SABRIC and SAFPS urged bank customers and other consumers to follow sound identity management practices to mitigate the risk of impersonation and fraudulent applications.

SAFPS chief executive Manie van Schalkwyk said: “Think of your identity information in the same way as you think of cash. Keep it safe and secure at all times, because once it is compromised, it can be used by anybody, often to impersonate you.”

It is also recommended that bank customers follow precautionary measures, including:

  • Do not disclose personal information such as passwords and PINs when asked to do so by anyone via telephone, fax, text messages or even email.
  • Change your passwords regularly and never share them with anyone else.
  • Verify all requests for personal information and only provide it when there is a legitimate reason to do so.

 

Nedbank’s client data hacked

Source: Xinhuanet

A Nedbank service provider’s IT systems have been breached, exposing the personal information of up to 1.7 million clients, said the bank last Thursday.

Computer Facilities, which does direct marketing for Nedbank by sending short messages and email marketing information on behalf of the bank, was breached.
The bank said there was some “potentially compromised data” which included names, identity card numbers, telephone numbers, physical and/or email addresses.

“We regret the incident … and the matter is receiving our urgent attention. The safety and security of our clients’ information is a top priority,” said Nedbank CEO Mike Brown, adding that the bank systems or client accounts were not impacted.

“We are communicating directly with affected clients. We are also taking the necessary actions in close cooperation with the relevant regulators and authorities,” said Brown.

Nedbank group Chief Information Officer Fred Swanepoel said they have secured and destroyed all their client information held by Computer Facilities.

Last year the City of Johannesburg’s system was hacked and payment in bitcoin was demanded. In 2017 South African insurance company Liberty was hacked and a ransom was demanded.
