Liberty CEO David Munro speaks about a data bridge that took place at Liberty on Thursday when they were hacked and client info stolen. The brief took place at the company head office in Braamfontein JHB on Sunday night. 
Picture: Timothy.Bernard AfricanNewsAgency/ANA
Liberty CEO David Munro speaks about a data bridge that took place at Liberty on Thursday when they were hacked and client info stolen. The brief took place at the company head office in Braamfontein JHB on Sunday night. Picture: Timothy.Bernard AfricanNewsAgency/ANA
JOHANNESBURG - The information Regulator yesterday took Liberty to task for the hacking scandal that rocked the group last week.

The regulator’s chairperson, Pansy Tlakula, said she had written to Liberty’s chief executive, David Munro, requesting an urgent meeting with him.

Tlakula said she wanted Liberty to take the regulator into its confidence and explain how the breach occurred, the extent and materiality of the breach, and the security measures that Liberty has put in place to prevent another breach.

“South Africa has experienced a disturbingly high number of material data breaches in the past few months. In addition to Liberty Holdings, there have been material data breaches at Master Deeds, Facebook and ViewFine,” Tlakula said.

The regulator must enforce stricter security measures to prevent data breaches and hold companies that neglect to implement security measures to account under the Protection of Personal Information Act.

Also read: Liberty shares fall 5% after cyber attack

Tlakula said the recent data breaches underscored the need to establish the regulator. “It is for this reason that the Information Regulator requests the powers that be to assist it in fast tracking its operationalisation,” said Tlakula.

The managing director of Ukuvuma Cyber Security, Andrew Chester, said lapses in Liberty’s security system could be the first incident subject to the General Data Protection Regulation since its inception in May. It puts the onus on the controller and processor to implement technical and organisational measures to ensure a level of security appropriate to the risks represented by the processing and the nature of the data to be protected.

“It (hacking) most likely happened in one of two ways: it was either an inside job or someone with the correct privileges was hacked, which means that they could have used that person’s permissions to get into the system,” Chester said. “I think the unfortunate truth is that Liberty will be raked over the coals for this, and it could end up costing them millions in real and reputational damage.”

The group’s share price dropped nearly 4percent as it battled to calm fears over the infiltration of its information technology system.

On Sunday, Liberty confirmed that hackers were demanding compensation for alerting the group to potential vulnerabilities in its systems. It said its initial investigations revealed that the hacking largely affected e-mails and attachments.

Have you read: We did not pay ransom after massive hack - Liberty

Liberty declined 4.03percent on the JSE yesterday to close at R119.

- BUSINESS REPORT