23+ million people plus 800k businesses hit by fraudster Resulting in Fraudulent Data Incident
Experian South Africa reported a fraudulent data incident that impacts 24 million consumers. An individual impersonated a legitimate client and requested reports on millions of individuals and hundreds of thousands of businesses. Tricked by the fraudster, Experian handed over the requested data files.
According to the South African Banking Risk Information Centre the data breach exposed the personal information of 23.4 million individuals and 793,749 business entities. The South African Banking Risk Information Centre is a nonprofit entity that worked with Experian to investigate the breach.
However, Experian South Africa says that no personal information or financial data was stolen. The data request involved public records that are provided as part of Experian services.
Experian South Africa
Johannesburg based Experian is one of South Africa’s largest credit bureaus. Like all such agencies, the company collects and stores information about consumers and businesses even if they have never interacted with Experian or opted into their services. Banks are required, by law, to report credit information to credit bureaus, like Experian.
Companies who offer loans, mortgages, and other lines of credit access the information collected by these credit bureaus to make lending decisions. Insurance companies and employers may also use credit information for their business decisions. A poor credit history file can result in a person being denied services.
Protect your money and your identity with IBM Watson® Artificial Intelligence before it’s too late. Get it now
Anton Piller Order Executed
“We have identified the suspect and confirm that Experian South Africa was successful in obtaining and executing an Anton Piller order which resulted in the individual’s hardware being impounded and the misappropriated data being secured and deleted,” says Experian South Africa.
An Anton Piller is a UK court order giving a plaintiff the right to search the suspect’s premises and seize evidence without prior warning. The intention is to prevent the destruction of evidence. The defendant must be present during the search and the search must occur during normal business hours.
The order is primarily used in intellectual property cases. Anton Piller orders, or versions of them, exist in other countries including Canada, Ireland, the United States, the European Union, and more,
No Fraud Reported So Far
The person who requested and received the data has been identified. Experian stated that the data breach investigation concluded that the individual was planning on using it for marketing purposes.
At this time, it appears that no data has been used for fraudulent activities.
Social Engineering Attacks
Consumers should be on high alert for fraudsters. Banks are warning that attackers can use the data from Experian or any data breach to launch future cyberattacks.
What should you do if your identity has been compromised?
Experian has reported the breach to law enforcement and regulatory authorities.
- Monitor your credit report and financial accounts. Look for fraudulent charges.
- Go to www.mycreditcheck.co.za to access your personal credit report for free at any time.
- If you suspect that your identity has been stolen, apply immediately for Protective Registration listing with Southern Africa Fraud Prevention Service (SAFPS). This service is free of charge. Contact SAFPS at [email protected]
How Can I Protect My Online Accounts?
- Stealing an individual’s money is often a multi-step process using stolen data from multiple sources or cyberattacks.
- Use a strong and unique password for all online accounts. If you don’t know how to create a strong password or cannot remember unique passwords for each online account, try using a password manager to help you store them securely.
- Fraudsters may use the compromised data in future email phishing campaigns. Hackers often use information gleaned from social engineering – public record, news articles, social media account profiles, or corporate websites or information from past data breaches – to use in scam emails and phone calls. The goal is to steal sensitive usernames passwords or money.