We did not pay ransom after massive hack - Liberty
CAPE TOWN - South African insurer Liberty yesterday said that it had refused to pay the money demanded by hackers who infiltrated the group’s information technology systems and extracted data from it.
The chief executive of Liberty, David Munro, said the group had assembled a team of specialists to investigate the data breach.
“We have engaged with the external parties to determine their intentions and we made no concessions in the face of this attempted extortion,” Munro said. “We are at an advanced stage of investigating the extent of the data breach; so far it seems to be largely e-mails and possibly attachments”.
The firm, which is a subsidiary of Standard Bank, had on Saturday admitted that it had been been subjected to unauthorised access to its IT infrastructure. The hackers had sought to extract money from the group, failure which they threatened to release the confidential information in their position.
South African companies have in recent years been victims of cyber crime to the tune of millions.
Standard Bank was last year hit by a multimillion-rand fraud that involved the withdrawal of cash using a number of fictitious cards at various ATMs in Japan. Loss Standard Bank at the time estimated that it lost about R300 million in the crime.
In 2012, South Africa’s Post Bank lost R43m to a cybercrime syndicate. Munro, who took over the helm at the firm just over a year ago, said that the company was working to ensure the integrity of their customer’s data.
“At this stage there is no evidence that any customers have suffered any financial losses. Liberty staff will proactively inform any customers individually if and when it is discovered that they may have been impacted.” Roy Wright, head of risk solutions at GTC, said the rise of cryptocurrencies, which are untraceable and therefore largely irrecoverable, have seen a rise in ransomware attacks as hackers prefer that method of payment.
“Clients who become aware that companies have experienced a breach of their confidential personal information, especially those holding sensitive data, such as medical and banking records, often become wary of continuing business with these same defaulting organisations,” said Wright.
Liberty is now facing the risk of being fined for breaching the Protection of Personal Information Act. The Information Regulator could not be reached for comment.