We were not hacked, a clever criminal convinced us to give him our data – Experian SA CEO
Experian South Africa CEO Ferdie Pieterse downplayed the seriousness of a data breach at his company which exposed the personal details of 23.4 million South Africans.
Experian is a consumer, business, and credit information services agency, whose major clients include several South African banks.
The South African Banking Risk Centre (SABRIC) said the data breach at Experian has exposed the personal information of as many as 24 million South Africans and nearly 793,749 businesses.
Banks have been working with Experian and SABRIC to identify which of their customers may have been exposed to the breach and to protect their personal information.
Experian South Africa said it continues to investigate “an isolated incident in South Africa involving a fraudulent data inquiry”.
“Our investigations indicate that an individual in South Africa, purporting to represent a legitimate client, fraudulently requested services from Experian,” the company said.
“The services involved the release of information which is provided in the ordinary course of business or which is publicly available.”
Speaking to The Money Show’s Bruce Whitfield, Pieterse said “in no way, shape, or form” was Experian hacked.
He said none of their systems, databases or records was ever penetrated or hacked as many had reported.
He said the perpetrator used social engineering techniques to put himself forward as a known customer of Experian.
The fraudster then convinced Experian, in the normal cause of business, to provide him with the records of 23.4 million individuals.
Pieterse said the fraudster already had the names, surnames, and ID numbers of people, and that Experian only provided contact information to the fraudster – telephone numbers and addresses.
He told Whitfield it was not a “colossal failure” on the part of Experian.
Data was stolen months ago
J2 Software managing director John Mc Loughlin said this is indeed a serious data breach which should concern people.
Speaking to Whitfield, Mc Loughlin said the information breach already happened in May and has therefore been out there for months.
“We live in a digital world. That data can be absolutely anywhere, and that is the information which hackers need to target people for identity theft, SIM swaps, and other fraud,” he said.
He said this “highly valuable and rich data set” provides fraudsters with the means to launch attacks against people.
The full interview with Mc Loughlin is embedded below.