African Bank has confirmed that one of its appointed professional debt recovery partners, Debt-IN, was targeted by cybercriminals in April 2021.
At the time, expert security advice concluded that there was no evidence that the ransomware attack had resulted in a data breach – however, Debt-IN is now aware that the personal data of certain customers, including a number of African Bank Loan customers under debt review, has been compromised.
The bank said that Debt-IN is confident that no data shared post 1 April 2021 has been compromised.
“A robust mitigation plan has been implemented by Debt-IN to contain and reduce any further adverse impact,” it said. “We have been collaborating with Debt-IN to address this breach. We have notified the relevant regulatory authorities and we are also in the process of alerting customers who have been affected, via email and SMS.”
As an additional precautionary step, African Bank’s fraud prevention team has enhanced security measures to protect all customers.
“If you detect any suspicious activity, or feel that your information has been compromised, you can apply for a free Protective Registration listing with the Southern African Fraud Prevention Services (SAFPS),” the bank said.
“This will alert banks and credit providers that an identity has been compromised. You can apply by emailing [email protected].”
African Bank customers can call 0861 111 011 if they suspect any fraudulent activity on their accounts.
The breach is the latest in a line of high-profile data breaches and cyber attacks to hit South Africa this year.
The Hawks last week (15 September) arrested a 36-year-old suspect in Gauteng following an investigation into the data breach at Experian in August 2020.
South African Banking Risk Information Centre (SABRIC) announced that Experian, a consumer credit reporting company, had experienced a data breach, exposing the personal details of millions of consumers in South Africa.
Experian initially confirmed that it had experienced a breach of data which exposed some personal information of as many as 24 million South Africans, and 793,749 business entities, to a suspected fraudster.
The justice department was also hit with a ransomware attack in recent months, and is still in the process of getting its systems back online. Transnet was also hit with a similar attack in July.