South African banking customers who may have been affected by the recent data breach at credit services provider Experian should change their passwords.
This is according to comment from leading cybersecurity firm Kaspersky to the news that the company mistakenly provided personal information of up to 24 million South African banking customers and nearly 800,000 business entities to a suspected fraudster.
Experian South Africa released a statement on Wednesday regarding the data breach, assuring customers that no financial data was compromised.
“Our investigations indicate that an individual in South Africa, purporting to represent a legitimate client, fraudulently requested services from Experian,” the company said.
“We have identified the suspect and confirm that Experian South Africa was successful in obtaining and executing an Anton Piller order which resulted in the individual’s hardware being impounded and the misappropriated data being secured and deleted,” it added.
However, Kaspersky Senior Security Researcher Maher Yamout warned that scammers may be able to use the leaked information to their benefit.
“Such type of threats can jeopardise users’ personal information and make them subject to online identity theft and phishing attacks,” Yamout cautioned.
Yamout urged banking customers who suspect they might have been affected to stay vigilant and careful online.
“When reading emails, social media posts, or even getting an SMS, make sure that the sender is who they say they are and keep an eye out for phishing emails,” he advised.
Yamout also backed the recommendations by certain banks made to their customers to change their online banking and app passwords as a precaution.
“We also advise users to change their passwords and never use the same password for multiple accounts because if one account is jeopardised, criminals might gain access to your other accounts,” Yamout stated.
Kaspersky further provided the following tips for proactively monitoring your online and offline identity:
- Monitor banking accounts. This may seem like a no-brainer, but you should keep a regular eye on your banking and credit card accounts. If you see transactions that you do not recognise, contact your banking institute to dispute them.
- Enable SMS alerts. If you want to make sure that you’re up to the minute with your banking, you can set up SMS alerts when transactions are made. If you do not recognise one, you can contact the bank immediately vs seeing this online a few days later.
- Sign up for an identity theft monitoring service. There are countless services out there that can help secure your online and real-world identity. This type of service could be useful if you are impacted or are afraid that you may have been.
- Be vigilant online. Be careful with sharing your information online and stay alert for any email or message you receive.
- If you are a business, be aware that social engineering is one of the most common attack vectors nowadays.