Old Mutual security breach

First I hear of this. So if I haven't heard from OM, does that mean my info hasn't been leaked??
 
They phoned me last week to say my details were leaked and sent an sms
 
Kudos to Old Mutual for notifying their customers of the breach. A lot of corporations simply cover this crap up....
 
I went for an interview at Old Mutual IT last year and the manager said he doesn't read the CV's of candidates. Seems being part of the team and liking sports was more important to them. So no surprise.
 
Never good to hear of these things. Even less so when you hear it through the media. A general message to policyholders, investors, etc., directly from OM would have been a better way to learn this. Hopefully that will follow shortly. It doesn't allay fears of their customers that aren't certain if they're affected or not.
 
biometrics said:
I went for an interview at Old Mutual IT last year and the manager said he doesn't read the CV's of candidates. Seems being part of the team and liking sports was more important to them. So no surprise.
Click to expand...

To be fair, their IT governance and controls outperform most of the payment gateways and banks. CVs are secondary and mostly not even worth the paper they are written on. OM has some really good IT skill pool and looks after their staff very well - quite an achievement considering that most other financial institutions breed overpaid mediocre IT staff which would fail at the most basic logic test (You know you have trouble in the hiring process at banks when your coding test is about a palindrome string algo and needs to first explain what a palindrome is.... with an example)
 
OM never contacted me. I hope that doesn't mean they lost all my details ;)
 
MagicDude4Eva said:
To be fair, their IT governance and controls outperform most of the payment gateways and banks. CVs are secondary and mostly not even worth the paper they are written on. OM has some really good IT skill pool and looks after their staff very well - quite an achievement considering that most other financial institutions breed overpaid mediocre IT staff which would fail at the most basic logic test (You know you have trouble in the hiring process at banks when your coding test is about a palindrome string algo and needs to first explain what a palindrome is.... with an example)
Click to expand...

Yoh, I dunno... I can no longer log in with the details saved in my lastpass profile so I tried resetting the password and it tells me I'm not registered, so I thought the user name may be wrong - tried getting that using my surname and cell number and it tells me they don't have my details. The cell number field doesn't allow the backspace or delete keys...
I'll be phoning them tomorrow. Hope this is just something to do with changing their IT system and not that my details have been stolen / changed.
 
Heavyonthemagick said:
Yoh, I dunno... I can no longer log in with the details saved in my lastpass profile so I tried resetting the password and it tells me I'm not registered, so I thought the user name may be wrong - tried getting that using my surname and cell number and it tells me they don't have my details. The cell number field doesn't allow the backspace or delete keys...
I'll be phoning them tomorrow. Hope this is just something to do with changing their IT system and not that my details have been stolen / changed.
Click to expand...

They haven't changed their IT system?
 
Had the same call the week before last from OM, incl head of Risk Mgt. I was skeptical and phoned elsewhere in the org to confirm. A former employee is apparently involved. Was very impressed by OM's proactive calling and concern for client info integrity. Hats off to them.
 
Splinter said:
They haven't changed their IT system?
Click to expand...

They did change the login method recently.

But you should still be able to login via the old details and then get a few screens to update your account to the new system.
 
Splinter said:
They haven't changed their IT system?
Click to expand...

They have.

vnQ2Pxv.png


What I did to get in was to access the old URL stored in my lastpass profile. I could then log in - my login 'name' is my ID number. I was then presented with the above, so something has been upgraded.

SauRoNZA said:
They did change the login method recently.

But you should still be able to login via the old details and then get a few screens to update your account to the new system.
Click to expand...

This.
Except that I can't access the site that comes up when I visit www.oldmutual.co.za
I had to use the URL stored in Lastpass: https://secure.ssa.oldmutual.co.za
 
Heavyonthemagick said:
They have.

vnQ2Pxv.png


What I did to get in was to access the old URL stored in my lastpass profile. I could then log in - my login 'name' is my ID number. I was then presented with the above, so something has been upgraded.



This.
Except that I can't access the site that comes up when I visit www.oldmutual.co.za
I had to use the URL stored in Lastpass: https://secure.ssa.oldmutual.co.za
Click to expand...

Yeah I'm guessing you missed an email from them when they did the migration and they've since killed off the automatic redirect.

My wife had a similar problem.

But I'm much happier for the new system. Old one was a pain with password managers and my memory as I had to write down the User ID otherwise it was hopeless.
 
SauRoNZA said:
Yeah I'm guessing you missed an email from them when they did the migration and they've since killed off the automatic redirect.

My wife had a similar problem.

But I'm much happier for the new system. Old one was a pain with password managers.
Click to expand...

Something funky is happening on that page though. I have Lastpass so it's auto populating the user name and password fields. The odd thing is that the user name is some number I've never seen (and that number is not stored in lastpass), and it's logging in automagically without me even clicking anything on the page. I literally just visit the site and the next thing I know I'm logged in. Lastpass is NOT set to autologin, I've even checked the 'disable autologin' box for that page. Where is that other number coming from and why is it auto logging in....
I'm going to sign out of lastpass to make sure it's out of the equasion and test again.
OK, got it - lastpass isn't recognising the user name field correctly.

You know, I just wish people would follow best practices with setting passwords... this whole
Old Mutual said:
Must be at least 8 characters long, without any spaces
Must contain at least one capital letter, one lowercase letter, one number and one special character (symbols like & # ! * )
It must not contain your username or personal details
Click to expand...
...is nonsense.
Why no spaces? Why can't I use a nice long passphrase? Why the upper/lower/number/character thing? Bad.
https://pages.nist.gov/800-63-3/
 
Last edited:
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X