Rain hit by security breach

Telecommunications company Rain says it has been impacted by a security breach.

In an emailed statement sent to customers, the company said that its cyber-security team discovered unauthorised access to the group’s invoice storage system.

Rain said that the vulnerability has now been identified and remedied. However, it noted that some historical invoices may have been accessed, with the information limited to the name and postal addresses of customers.

“Firstly, we want to assure you that your sensitive information is secure, and no action is required from you at all. We can confirm that there has been no unauthorised access to any systems that store information such as login details, ID numbers, banking or card details. This information was never at risk,” it said.

To protect its customers, Rain said it does not directly store any payment-related information. This sensitive data is stored off-site with an independent specialist partner, utilising bank-level security, it said.

“We would like to assure you that our rigorous security measures were successful in ensuring that further sensitive information remains secure and private. Cyber-crime is a criminal offence and rain is working with the relevant authorities to investigate the matter.”

Rain CEO Willem Roos told MyBroadband the security breach occurred after a recent complex upgrade to a variety of their systems. A “small portion” – around 10% – of customers were affected.

Read: These are the best and worst mobile networks in South Africa