Experian South Africa has released a statement regarding the massive data breach that exposed the data of up to 24 million South Africans and 793 749 businesses.
Rather than a data hack, the incident resulted from the consumer credit reporting company sharing its data with a scammer.
No ad to show here.
“Our investigations indicate that an individual in South Africa, purporting to represent a legitimate client, fraudulently requested services from Experian,” the company said.
“The services involved the release of information which is provided in the ordinary course of business or which is publicly available.”
The company says that the data didn’t include consumer credit or financial information. However, the scammer did obtain other personal data.
As the South African Banking Risk Information Centre (SABRIC) notes, this information can be used in scams. Criminals could also use it for identity theft.
Banks warn customers about Experian leak
Local banks have warned customers that this information could be used to trick consumers.
Nedbank released a statement on the incident. It noted that while bank accounts won’t be compromised, criminals can still use the data in other ways.
“Your bank accounts are not at risk. Personal information can create opportunities for criminals to impersonate you but does not guarantee access to your banking profile or accounts — unless you disclose confidential banking details to them,” Nedbank said.
“Clients from all banks, among other credit providers, are impacted by this data breach as it is a credit industry requirement for credit providers to share this information with credit bureau’s such as Experian SA,” the bank added.
Absa detailed the ways that criminals could use the data to gain further information from consumers.
“Criminals will approach unsuspecting consumers via email, phone or text message and present themselves as members of a reputable organisation,” Absa said.
“They will attempt to deceive unsuspecting consumers into disclosing their “keys to the safe” (online PIN, online passwords, card PIN, card CVV number, OTP, and/or authentication messages – RVN/TVN/SureCheck). Never share these details with anyone and report suspicious behaviour immediately.”
Absa also provided warning signs that communication comes from a scammer.
South Africans should be extra vigilant following the breach.
Tips to keep safe
SABRIC also provided some additional tips for consumers to keep safe.
- Not disclosing personal information such as passwords and PINs
- Changing your password regularly and never share them with anyone else.
- Verifying all requests for personal information and only provide it when there is a legitimate reason to do so.
Experian scammer found
Experian’s statement on the data incident notes that authorities found the scammer.
Authorities impounded the scammer’s hardware, while also deleting the misappropriated data.
So far, no evidence indicates that scammer used the data to defraud any consumers. However, this doesn’t rule out whether the data was shared with other criminals for scams.
“Our investigations do not indicate that any misappropriated data has been used for fraudulent purposes,” Experian said.
“Our investigations also show that the suspect had intended to use the data to create marketing leads to offer insurance and credit-related services.”
If any insurance or credit leads show up in your inbox, it’s best to be extra cautious following the breach.
Feature image: rupixen.com on Unsplash