JOHANNESBURG – Consumer, business and credit information services agency Experian has experienced a breach of data which has exposed personal information of as many as 24 million South Africans and 793 749 business entities to a suspected fraudster.
Experian confirmed in a statement on Wednesday that the breach had been reported to law enforcement and the appropriate regulatory authorities.
It said banks had been working with Experian and South African Banking Risk Centre (SABRIC) to identify which of their customers might have been exposed to the breach and to protect their personal information, even as the investigation unfolds.
Banks and SABRIC have also been co-operating with Experian in their efforts to secure the data and ensure the perpetrators are brought to book.
SABRIC chief executive Nischal Mewalall said the compromise of personal information could create opportunities for criminals to impersonate another person but did not guarantee access to banking profile or accounts. “However, criminals can use this information to trick you into disclosing your confidential banking details.”
“Should you suspect that your identity has been compromised, apply immediately for a free Protective Registration listing with Southern Africa Fraud Prevention Service (SAFPS). This service alerts SAFPS members, which includes banks and credit providers, that your identity has been compromised and that additional care needs to be taken to confirm that they are transacting with the legitimate identity holder,” said SABRIC.
Consumers wanting to apply for a Protective Registration can contact SAFPS at [email protected].
SABRIC and SAFPS urged bank customers and other consumers to follow sound identity management practices to mitigate the risk of impersonation and fraudulent applications.
SAFPS chief executive Manie van Schalkwyk said: “Think of your identity information in the same way as you think of cash. Keep it safe and secure at all times, because once it is compromised, it can be used by anybody, often to impersonate you.”
It is also recommended that bank customers follow precautionary measures, including:
⦁Do not disclose personal information such as passwords and PINs when asked to do so by anyone via telephone, fax, text messages or even email.
⦁Change your password regularly and never share them with anyone else.
⦁Verify all requests for personal information and only provide it when there is a legitimate reason to do so.