Experian has suffered a major breach of customers’ personal information, affecting an estimated 24 million South Africans and nearly 800,000 businesses.
The credit reporting agency revealed in a statement yesterday that an individual fraudulently claimed to represent one of its client and then requested “services” from the firm, prompting the release of the data.
Experian sought to play down the seriousness of the incident by claiming that this information “is provided in the ordinary course of business or which is publicly available.” It did not clarify exactly what customer records were taken, but said that the trove did not contain consumer credit or financial information.
Experian was also tight-lipped on the number of customers affected, although one of the authorities it has engaged with following the incident, non-profit the South African Banking Risk Information Center (SABRIC), claimed 24 million consumers and 793,749 business entities were involved.
It explained that domestic banks have been working behind the scenes to identify how their customers may have been impacted.
“The compromise of personal information can create opportunities for criminals to impersonate you but does not guarantee access to your banking profile or accounts,” said SABRIC CEO, Nischal Mewalall. “However, criminals can use this information to trick you into disclosing your confidential banking details.”
SABRIC urged affected Experian customers not to reveal any additional personal information if they receive unsolicited contact online or by phone, and to change their passwords regularly.
Experian claimed that the individual involved in the incident has already had their “hardware” confiscated and the stolen data has been secured and deleted.
“Our investigations do not indicate that any misappropriated data has been used for fraudulent purposes,” it added. “Our investigations also show that the suspect had intended to use the data to create marketing leads to offer insurance and credit-related services.”
It confirmed that its own IT infrastructure had not been compromised.
This isn’t the first major data breach to hit the credit reporting giant. Back in 2015, 15 million North American customers and applicants had their personal data, including Social Security numbers and ID details, stolen.