Breach Notification, Business Email Compromise (BEC), Fraud Management & Cybercrime

Experian Breach in South Africa Affects 24 Million Consumers

Data on 800,000 Businesses Also Exposed

A data breach affecting the South African branch of credit reporting company Experian exposed information on an estimated 24 million consumers and almost 800,000 businesses, according to the South African Banking Risk Information Center, a nonprofit financial crime risk information center. But Experian says no consumer credit or financial information was exposed.

Experian South Africa did not say when the data breach occurred or how someone gained access to the data.

"We have identified the suspect and confirm that Experian South Africa was successful in obtaining and executing a [court] order, which resulted in the individual's hardware being impounded and the misappropriated data being secured and deleted," the bank says in a customer notification statement.

The company did not say what agency impounded the equipment or if the suspect is in custody.

Fraudulent Request

"Our investigations indicate that an individual in South Africa, purporting to represent a legitimate client, fraudulently requested services from Experian," the company says. "The services involved the release of information which is provided in the ordinary course of business or which is publicly available."

The statement adds: "We can confirm that no consumer credit or consumer financial information was obtained. Our investigations do not indicate that any misappropriated data has been used for fraudulent purposes. Our investigations also show that the suspect had intended to use the data to create marketing leads to offer insurance and credit-related services."

The company did not reveal the type of personal and business information that was exposed.

The South African Banking Risk Information Center says it's working with Experian South Africa to identify the customers affected by the breach.

Meanwhile, Experian says it's working on the investigation with local law enforcement along with the National Credit Regulator, Banking Association of South Africa, SABRIC and the prudential authority at the South African Reserve Bank.

Based on Experian's statement, Dean Ferrando, a systems engineer manager at the security firm Tripwire, says the attacker may have used a business email compromise scam.

"BEC attackers rely heavily on social engineering tactics to trick unsuspecting employees," Ferrando tells Information Security Media Group.

Experian's Earlier Breach

In 2015, the credit score company suffered a breach when one of its servers that stored personal information for some 15 million T-Mobile customers was hacked.

Experian said it discovered that "an unauthorized party" accessed its systems, exposing data collected from September 2013 to September 2015 (see: Experian Hack Slams T-Mobile Customers).


About the Author

Doug Olenick

News Editor, ISMG

Olenick has covered the cybersecurity and computer technology sectors for more than 25 years. Prior to joining ISMG as news editor, Olenick was online editor for SC Media, where he covered every aspect of the cybersecurity industry and managed the brand's online presence. Earlier, he worked at TWICE - This Week in Consumer Electronics - for 15 years. He also has contributed to Forbes.com, TheStreet and Mainstreet.



