Image via Adobe Stock
Data of more than 1.4 million SA consumers exposed
Cyber criminals accessed consumer and personal data from servers and at least one bank has confirmed that clients have been impacted.
Image via Adobe Stock
A major SA debt collector has announce a criminal data breach of more than 1 million customer’s person records.
Debt-IN Consultants (Pty) Ltd, a professional debt recovery solutions partner to many financial services institutions said the cybercrime ransomware attack had resulted in a significant data breach of consumer and employee personal information.
The debt collectors announced in a statement on Wednesday that it suspected that consumer and personal information of more than 1.4 million South Africans had been illegally accessed from Debt-IN servers in April 2021. However the firm said that the breach had only came to light last week with the discovery that confidential consumer data and voice recordings of calls between Debt-IN debt recovery agents and financial services customers had been posted on hidden internet sites, which are only accessible via a specialised web browser.
Debt-IN said that it was working closely with local regulators, law enforcement agencies and cyber-security partners to rapidly gather facts, resolve the issue and provide ongoing information to clients. The firms said that while the investigations are ongoing and the analysis is subject to change, the findings so far show there has been no further breach and enhanced data protection measures remained “securely in place”.
The company said it had taken “immediate and appropriate actions to reinforce existing security measures” and mitigating any further potential impacts of the breach, including assembling a team of highly regarded and globally experienced cyberbreach and forensic experts to work with Debt-IN on the incident.
“Debt-IN deeply regrets this cyber-attack, and we apologise unreservedly for the inconvenience and anxiety this data breach has caused our clients, and their customers,” Debt-IN CEO, Mark Essey said.
“We are taking this matter very seriously. In this age of highly sophisticated information security threats and an estimated 17 billion cyber attacks around the world every day, Debt-IN is committed to doing all it can to protect clients’ information. We reiterate that we view this attack as the act of malicious cybercriminals. From the time this data breach was detected, our guiding principle has been to put our clients first, and we will continue to do so,” Essey said.
African Bank announced on Wednesday that the date of some of its customers who are under debt review, was compromised in the latest data breach.
