Experian SA data breach may set a worrying trend
Share this article:
Durban - AS BANKS around South Africa scramble to deal with the data breach at credit bureau Experian SA, which exposed the personal data of 24 million South Africans and 739 749 businesses, information technology expert Arthur Goldstuck said people should expect more such incidents in the future.
This comes as the South African Banking Risk Information Centre (Sabric) has been working with banks and Experian to determine which of their customers were affected by the data breach.
Goldstuck said the reason there will be more incidents was because companies were run by an “old guard” of people who did not prioritise cybersecurity.
He said cybersecurity should ultimately be the responsibility of the chief executive of a company and not the sole responsibility of the IT head.
Goldstuck, managing director of World Wide Worx, said this was not only a South African problem but also an international one.
He said such breaches occurred often because companies thought they knew better and did not follow international best practices.
He said in many cases the security breaches occurred through human error while security systems generally could not be faulted.
“What could happen is that regulators will be fining companies for not protecting the data. Another possibility is that people who have been affected could end up suing the companies for the data breach.”
Last week, a subsidiary of insurer Momentum Metropolitan had a data breach while the Life Healthcare Group had one in June.
Alison Treadaway, the director of digital communication and security specialist company, Striata, said: “While it’s still unclear exactly how much damage the Experian data breach will cause, the most revealing detail to emerge is that the fraudster was able to access the database by pretending to be a client of the firm. This shows how important it is that organisations which hold customer data have the right policies and procedures in place, but also educate their staff on what kind of information they can give out and when.”