Personal data exposure notification service Have I Been Pwned? has sent notifications to over a million South Africans regarding a data breach that has been connected to Experian.
The South African Banking Risk Centre (SABRIC) announced on 19 August that a data breach at Experian exposed the personal banking-related information of as many as 24 million South Africans and nearly 793,749 businesses.
Following the report, Experian issued a statement to clarify the nature of the incident, saying it was not hacked and that no financial information was compromised.
According to Experian, an individual in South Africa who claimed to represent a legitimate client fraudulently requested services from the company in May 2020.
Experian discovered the alleged fraud in July 2020 and disclosed the matter to South Africa’s information regulator and the public in August. Experian Africa CEO Ferdie Pieterse has also stated that they are pursuing criminal charges against the alleged fraudster.
While Experian was trying to downplay the severity of the leak, South African banks were providing clients with tips on how to keep themselves safe from potential identity theft and phishing attacks. This caused a lot of confusion and raised questions regarding the severity and potential impact of the leak.
iAfrikan, together with Troy Hunt from Have I Been Pwned, have now reported that they have found a database containing the stolen data from Experian on the public Internet.
Sensitive personal information exposed
Hunt stated that only 1.3 million of the records contained in the data leak contained e-mail addresses. However, the whole database contains entries for “tens of millions of individuals”.
iAfrikan also reported that the dataset contains far more personal information than Experian initially let on. This includes ID numbers, names, addresses, occupations and other employment information. Company data found in the breach includes fields for financial information such as bank account numbers and branches.
Experian – We continue to investigate the leak
According to Hunt and iAfrikan’s reports, this dataset is connected to the leak originally disclosed by SABRIC on 19 August. Experian has also confirmed this.
The credit bureau told iAfrikan reiterated that;
“Experian continues to investigate the isolated incident in South Africa involving a fraudulent data inquiry. As part of this investigation, we have identified files which we believe contain Experian data relating to the incident on the internet. We continue to investigate these files and will take all steps available to us to reduce further dissemination if possible.”
2 Comments
Pingback: South African Construction Company Stefanutti Stocks hit by Cyberattack - Innovation Village
Pingback: Omnisient Secures $1.4M in Second Funding Round | Innovation Village | Technology, Product Reviews, Business