Postbank

Photo: Pixabay

Postbank: SASSA grant system hacked, resulting in R89m loss

According to a report by amaBhungane, the SASSA grant system was likely hacked by Postbank employees who stole R89 459 330 in cash.

Postbank

Photo: Pixabay

Postbank has confirmed that it suffered a cybercrime attack incident in the last quarter of 2021 resulting in a financial loss of approximately R90 million. 

According to a report by amaBhungane, the unknown culprits were most likely employees or contractors of the state owned bank.

POSTBANK HACK RESULTS IN R89 MILLION LOSS

According to the amaBhungane report, individuals presumed to be either employed by Postbank or by a Postbank contractor stole at least R89 459 330 in physical cash through SASSA accounts.

This is reportedly the second major security breach since the South African Post Office (SAPO) and its subsidiary Postbank took control of the bulk of the social grant system in 2018. 

The report further says that the incident was “accidentally” discovered by and quashed when a call centre operator noticed that a SASSA grant beneficiary account with a balance of just under R100 000 – which is highly unusual for a grant beneficiary

Postbank, said the incident was detected and contained from causing any further financial loss. No customers have lost any money as a consequence of the cybercrime attack incident.

Reports surfaced that the hack was kept under wraps; however , Postbank has refuted this claim. 

Postbank Acting CEO, Mr Kevin Maartens said security enhancing measures to prevent any future incidents were immediately put in place.

Maartens said there was never such an attempt to hide the incident because an investigation was instituted once the incident was detected.

“The investigation is currently ongoing, as are further processes of implementing additional security enhancing measures to make our environment more robust.    

“The cybercrime attack was complex and coordinated, typical of organised financial crime. While Postbank wishes not to provide too much information about the method used for this cybercrime incident, the incident involved an unauthorised attack on a database through the Post Office network that Postbank uses. Account balances on a number of individual accounts were inflated on the database and thereafter cash was withdrawn from ATM’s over a period of time.”

Kevin Maartens

ALSO READ: TransUnion: 3 million South Africans affected by massive data hack