An “isolated incident” linked to Bidvest Bank’s online banking platform exposed sensitive information of its clients, including names, account numbers, and bank balances.
The incident allowed at least one person to access banking information of Bidvest Bank’s clients through the bank’s online system.
It is understood that Bidvest Bank became aware of the problem in early September and fixed it within a few days.
A Bidvest Bank spokesperson told MyBroadband they have investigated the issue and their evidence shows that the incident was neither a security breach nor a technical security flaw.
“This was an isolated incident in which one person seems to have had access to data due to a manual processing error,” the Bidvest Bank spokesperson said.
“This has since been corrected and the necessary internal measures have been taken.”
Bidvest Bank said it is not aware of any other incidents where an unauthorised person could see clients’ banking information.
“We would like to reassure our customers that Bidvest Bank has security and defence strategies in place to ensure all customer information is secure,” the spokesperson said.
Bidvest Bank did not say whether it alerted affected clients that their sensitive information was exposed.
Section 22 of the Protection of Personal Information Act (POPIA) states that:
Where there are reasonable grounds to believe that the personal information of a data subject has been accessed or acquired by any unauthorised person, the responsible party must notify—
the Regulator; and
subject to subsection (3), the data subject, unless the identity of such data subject cannot be established.
In this case, it is reasonable to believe that personal information of Bidvest Bank clients was accessed by an unauthorised person.
Bidvest Bank may therefore be required to inform clients of the incident that exposed their sensitive information.