Kaspersky warns South African banking customers to change passwords after major data breach

[Hanno Labuschagne]

Kaspersky warns South African banking customers to change passwords after major data breach

South African banking customers who may have been affected by the recent data breach at credit services provider Experian should change their passwords.

This is according to comment from leading cybersecurity firm Kaspersky to the news that the company mistakenly provided personal information of up to 24 million South African banking customers and nearly 800,000 business entities to a suspected fraudster.

Experian South Africa released a statement on Wednesday regarding the data breach, assuring customers that no financial data was compromised.

 

[Dan C]

Not changing my password ... been using 'SA' for a long time and never had a problem.

 

[|tera|]

Sign up for an identity theft monitoring service.

There are countless services out there that can help secure your online and real-world identity. This type of service could be useful if you are impacted or are that you may have been.

Give more personal information to protect information. Just to wait for monitoring service to be breached.

Ridiculous.

 

[Fulcrum29]

The API access leveraged by Experian had way too many privileges and I believe that those who designed and controlled the policy which governed the relationship didn't engage in due diligence and had little care and should be held accountable. Everyone which participated in this relationship should be questioned on why they are administrating bad practices which aren't in-line with ITIL (and any other related library) especially considering that this is the banking sector which is exposed due to maladministration.

 

[supersunbird]

How does changing your password help at all, tell me that Kaspersky, or are you noob like the banks? Were the passwords leaked?

No, things were leaked that assist with phishing and it's variants possibly, now some people well just give/enter their new changed passwords to the scammer/website.

If more info than that was leaked (like what accounts a person has and such), now the scammers can answer a lot of security questions, like the ones at Telkom and get contracts/devices.

 

[Fulcrum29]

What I do see as strange is that all these parties and advisers are lecturing the users on security when the breach was within the operators' domain.

 

[|tera|]

What I do see as strange is that all these parties and advisers are lecturing the users on security when the breach was within the operators' domain.

2020 customer service: Just remember every fault is because of you. We are only trying to fix your mistake.
2021 customer service: I let my wallet do the talking.

So sick of these entitled companies and institutions that get away with everything, but the Man on the street gets shafted.
Just reading the Amazon jobs thread makes me want to fume.

 

[Gallderhen]

How does changing your password help at all, tell me that Kaspersky, or are you noob like the banks? Were the passwords leaked?

I think this is more for the average-Joe that uses his/her birthday-date/surname/name as password or part of the password.

-G-

 

[WollieVerstege]

From what I understand the only information that was shared is information that they normally sell to 3rd parties in any case. This never included passwords before, or did it?

 

[backstreetboy]

I'm surprised they didn't try to flog their password manager.

 

[RandomGeek]

How does changing your password help at all, tell me that Kaspersky, or are you noob like the banks? Were the passwords leaked?

No, things were leaked that assist with phishing and it's variants possibly, now some people well just give/enter their new changed passwords to the scammer/website.

If more info than that was leaked (like what accounts a person has and such), now the scammers can answer a lot of security questions, like the ones at Telkom and get contracts/devices.

People are jumping on this bandwagon to get airtime, plain and simple. Agreed their change your password advice is non-sensical

 

[Creag]

My '123456' password is still good for me

 

[susefan]

I have already changed my password. This is the new one: )BErfQ%bm3dgYCM(h%mN&zGZBaqNCw

 

[TelkomUseless]

I have already changed my password. This is the new one: )BErfQ%bm3dgYCM(h%mN&zGZBaqNCw

invalid password. Too short

 

[garp]

Why would your credit record data contain your passwords? This is obviously not going to happen. In fact, its going to be everything other than your password - i.e. your email address, id number, phone numbers etc, and unless you're prepared to try and change those, there's not much you can do apart from being hyper-vigilant for phishing, etc.

In any case, it seems to be data that they would quite willingly have provided to a paying customer, their issue is that it went to someone pretending to be a client of theirs.

Then of course, this kind of data has been breached so many times in SA, any scammer worth their salt would have had all our id numbers, email addresses etc for years already.

 

[R13...]

Why? This breach is supposed to have occurred in May already so if there was a need to change passwords then that horse bolted months ago.

 

[Dan C]

My '123456' password is still good for me

I had the same once, but in capitals.

 

[EagleEyed]

As far as I understand the incident, credit bureaus, such as this one, is in the business of selling consumer data, such as identity numbers, addresses and phone numbers.

By their own admission, a person approached them and provided them with a list of millions of names and identity numbers and he wanted to buy contact numbers for all those people. This guy misrepresented to be a client, but yet they updated his list with contact numbers of consumers.

The company later found that the real client never bought the data.

If only phone numbers were sold to the person, why should we change banking passwords? Unless, banks have sold our access details too and the credit bureau sold this to the criminal? If this is indeed the case, should the banks not rather cancel and issue new banking passwords by default?

 

[|tera|]

As far as I understand the incident, credit bureaus, such as this one, is in the business of selling consumer data, such as identity numbers, addresses and phone numbers.

By their own admission, a person approached them and provided them with a list of millions of names and identity numbers and he wanted to buy contact numbers for all those people. This guy misrepresented to be a client, but yet they updated his list with contact numbers of consumers.

The company later found that the real client never bought the data.

If only phone numbers were sold to the person, why should we change banking passwords? Unless, banks have sold our access details too and the credit bureau sold this to the criminal? If this is indeed the case, should the banks not rather cancel and issue new banking passwords by default?

Logic doesn't work in this country. I've tried. Showed, lived it. People are fkn daft.

 

[j4ck455]

Sign up for an identity theft monitoring service. There are countless services out there that can help secure your online and real-world identity. This type of service could be useful if you are impacted or are afraid that you may have been.

https://www.google.co.za/search?q=identity+theft+monitoring+service

https://mytransunion.co.za/Products and https://www.identityguard.co.za/ are at the top of the search results.

So we are being told to trust yet another credit agency with protecting our identities when Experian ripped us a new one (several months ago) and left what seems to be every South African with a bank account butt naked in the cold winter wind.

As for IdentityGuard, if hackers and a "fraudster" don't steal your identity, their forensic investigators will steal your identity: