Experian South Africa discloses data breach, 24 million customers impacted

The South African branch of consumer credit reporting agency Experian disclosed a data breach that impacted 24 million customers.

The South African branch of consumer credit reporting agency Experian disclosed this week a data breach that impacted 24 million customers.

The company revealed that only personal information was exposed in the data breach, no financial or credit-related information was compromised.

The company declared that it has identified the origin of the attack and has already wiped stolen data from the devices used by the attackers.

The credit agency did not disclose the exact number of impacted users, but according to a report published by the South African Banking Risk Centre (SABRIC) the security incident may have impacted 24 million South African citizens and 793,749 local businesses.

“Experian – a consumer, business and credit information services agency – has experienced a breach of data which has exposed some personal information of as many as 24 million South Africans and 793 749 business entities to a suspected fraudster.” reads the report.

The company already reported the incident to law enforcement and the appropriate regulatory authorities and is going to notify the impacted customers.

The local authorities were able to identify the crooks behind the attack. A court order obtained by Experian allowed to seize the fraudsters’ equipment and stolen data was secured and deleted.

At the time the company is not aware of fraudulent use of the stolen data, it also pointed out that the attackers did not compromise its infrastructure.

“Our investigations indicate that an individual in South Africa, purporting to represent a legitimate client, fraudulently requested services from Experian. The services involved the release of information which is provided in the ordinary course of business or which is publicly available.” reads a statement released by the agency.

“We can confirm that no consumer credit or consumer financial information was obtained. Our investigations do not indicate that any misappropriated data has been used for fraudulent purposes. Our investigations also show that the suspect had intended to use the data to create marketing leads to offer insurance and credit-related services.”

“I would like to apologise for the inconvenience caused to any affected parties. Our first priority is to help and support consumers and businesses in South Africa.” said Experian Africa CEO Ferdie Pieterse.

Experian advises anyone who may have concerns to regularly check their credit report.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Experian)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.