African Bank debt collector hit by ransomware — client data exposed

The personal details of African Bank customers were compromised following a cyberattack on one of its appointed debt recovery partners, Debt-In.

In a statement on Wednesday, the bank confirmed that Debt-In suffered a sophisticated ransomware attack in April 2021.

In the immediate aftermath of the incident, expert security advice concluded that there was no evidence that the attack had resulted in a data breach.

However, Debt-In is now aware that the personal data of certain customers, including a number of African Bank loan customers under debt review, had been compromised.

It did not reveal exactly what types of personal data was exposed.

African Bank chief risk officer, Piet Swanepoel, said it was collaborating with Debt-In to address the breach.

“We have notified the relevant regulatory authorities, and we are also in the process of alerting customers who have been affected, via email and SMS,” Swanepoel said.

African Bank said Debt-In had implemented a robust mitigation plan to contain and reduce any further adverse impact.

“Debt-In is confident that no data shared post 1 April 2021 has been compromised,” the bank added.

In an additional step, African Bank said its fraud prevention team had enhanced security measures to protect all African Bank customers.

Swanepoel reminded all South Africans to remain vigilant against possible fraud.

He provided the following tips to protect against attacks:

• Never disclose usernames, passwords, PINs or One-Time Pins (OTPs) when asked to do so by anyone via telephone, fax, text messages or even email, no matter how believable the request appears to be.
• Change your passwords regularly, and don’t share them with anyone.
• Cybercriminals often contact customers and pretend to be their bank since they may know your ID and cellphone numbers.
• Review your monthly statements closely to check what money has left your account and to whom it has been transferred.

“If you detect any suspicious activity or feel that your information has been compromised, you can apply for a free Protective Registration listing with the Southern African Fraud Prevention Services (SAFPS),” said Swanepoel.

“This will alert banks and credit providers that an identity has been compromised. You can apply by emailing [email protected].”

Swanepoel further urged African Bank customers to call 0861 111 011 if they suspect any fraudulent activity on their accounts.

Now read: Department of Justice hack — all backups gone and R33 million ransom demanded