Experian South Africa discloses data breach, 24 million customers impacted

The South African branch of consumer credit reporting agency Experian disclosed a data breach that impacted 24 million customers.

The South African branch of consumer credit reporting agency Experian disclosed this week a data breach that impacted 24 million customers.

The company revealed that only personal information was exposed in the data breach, no financial or credit-related information was compromised.

The company declared that it has identified the origin of the attack and has already wiped stolen data from the devices used by the attackers.

The credit agency did not disclose the exact number of impacted users, but according to a report published by the South African Banking Risk Centre (SABRIC) the security incident may have impacted 24 million South African citizens and 793,749 local businesses.

“Experian – a consumer, business and credit information services agency – has experienced a breach of data which has exposed some personal information of as many as 24 million South Africans and 793 749 business entities to a suspected fraudster.” reads the report.

The company already reported the incident to law enforcement and the appropriate regulatory authorities and is going to notify the impacted customers.

The local authorities were able to identify the crooks behind the attack. A court order obtained by Experian allowed to seize the fraudsters’ equipment and stolen data was secured and deleted.

At the time the company is not aware of fraudulent use of the stolen data, it also pointed out that the attackers did not compromise its infrastructure.

“Our investigations indicate that an individual in South Africa, purporting to represent a legitimate client, fraudulently requested services from Experian. The services involved the release of information which is provided in the ordinary course of business or which is publicly available.” reads a statement released by the agency.

“We can confirm that no consumer credit or consumer financial information was obtained. Our investigations do not indicate that any misappropriated data has been used for fraudulent purposes. Our investigations also show that the suspect had intended to use the data to create marketing leads to offer insurance and credit-related services.”

“I would like to apologise for the inconvenience caused to any affected parties. Our first priority is to help and support consumers and businesses in South Africa.” said Experian Africa CEO Ferdie Pieterse.

Experian advises anyone who may have concerns to regularly check their credit report. 

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Experian)

[adrotate banner=”5″]

[adrotate banner=”13″]