Experian South Africa and the information regulator have released a joint statement regarding the recent data breach which resulted in the personal information of millions of South Africans being compromised. The personal information of as many as 24 million South Africans and nearly 793,749 businesses were exposed in the data breach.
Experian assured South Africans that no financial data was compromised, although it said that the fraudster did obtain bank account numbers on some business entities. The nature of the personal data that was compromised lends itself to potential use in identity theft attacks, and may include the following:
- First and last names
- ID numbers
- Telephone numbers
- Physical addresses
- Email addresses
The credit bureau notified the Information Regulator and the National Credit Regulator upon discovering the incident, and it has now proceeded with legal action. Experian Africa CEO Ferdie Pieterse apologised to South Africans about the incident.
“We encourage all companies to be vigilant of advanced social engineering and fraudulent impersonation and to put in place adequate and appropriate measures. I sincerely apologise to anyone that has been affected by this incident, and advise any individual who has concerns about their data to check their credit report by visiting www.mycreditcheck.co.za, which they can do for free, for life.”
He also confirmed that civil and criminal procedures were being pursued.
“While the investigation continues, we can confirm that civil and criminal procedures are being pursued against the perpetrator as we take every step available to us to limit the impact to citizens and businesses in South Africa,” he said.
He said that Experian South Africa has taken immediate action to introduce additional controls that will prevent this type of data breach from occurring again. “We are working closely with all relevant authorities, including the Information Regulator, to help ensure data protection for all South Africans,” Pieterse said.