FNB and Nedbank respond to hacker claims
FNB and Nedbank have responded to claims by a hacking group that they have infiltrated South Africa’s financial system and stolen around R175 million from the South African Social Security Agency (Sassa).
The attackers, who call themselves N4aughtySecGroup, told MyBroadband they have access to at least five banks’ data and systems thanks to security flaws at credit bureaus XDS, TransUnion, and Experian.
As proof of their claims, the attackers presented the financial information of two MyBroadband journalists, which included car insurance data that is not more than six months old.
The attackers specifically named Absa, Discovery Bank, FNB, Nedbank, and TymeBank.
MyBroadband contacted all five banks to ask whether they had detected any breaches or suspicious activity on their systems.
“FNB is investigating the matter and can confirm that there’s no indication of any breaches on our banking platform,” said FirstRand cyber risk head Kovelin Naidoo.
Naidoo said the bank monitors fraudulent activities linked to data breaches on a continuous basis through its multi-layered security protocols as well as fraud prevention and detection systems.
“The bank has multi-layered and industry-leading security capabilities that identify threats, respond to them, and protect customers as well as the banking platform from any possible fraud,” said Naidoo.
“FNB continues to work with industry bodies such as the South African Banking Risk Information Centre (Sabric), the Banking Association of South Africa (Basa), law enforcement, and regulatory authorities to mitigate any potential risks or exposure to security breaches and will similarly work with Sassa if required.”
A Nedbank spokesperson told MyBroadband that they also have not detected any breaches or suspicious activities on its systems.
“We can confirm that Nedbank has robust systems and technologies in place to detect irregularities,” the bank stated.
“We would like to reassure our clients that their information and deposits are safe and encourage them to remain vigilant and adhere to safe banking practices.”
Discovery Bank and TymeBank provided similar feedback last week.
“Discovery Bank has not been impacted by the aforementioned breach or suspicious activity,” it stated.
“Furthermore, the bank has not detected any other breach or suspicious activity in our systems. We have reached out to industry colleagues — and at this time, there is no evidence or indication of a widescale security breach.”
Discovery Bank said that it constantly reviews and monitors its security and fraud environment, as well as clients’ transactional activities, for unusual behaviour.
“In addition, through our bank app and website, we regularly keep clients abreast with educational awareness material and messaging about fraud, security and scam trends and how to avoid them,” it said.
The attackers highlighted TymeBank as one of the key financial institutions it used to transfer funds from fraudulent Social Relief of Distress grants.
However, the bank said the attackers’ claims don’t hold up.
“After reviewing the information that was brought to our attention and cross-referencing this against our own records, there are clear discrepancies between the data provided and the customer data we have on record,” it stated.
“We can therefore confirm TymeBank has not been hacked and that the data has not been taken from our systems.”
TymeBank said its initial investigations indicated that the data was likely obtained from another party that its customers may have engaged with separately.
“More generally, we have implemented numerous rules to identify fraudulent accounts and have multiple preventative measures to detect fraud and prevent potential syndicates from accessing these accounts,” said TymeBank.
“TymeBank takes the security of our data extremely seriously and we have world class processes and controls to mitigate the risks of data loss. We work closely with all industry bodies and government departments to mitigate fraud where possible.”
Following publication, Absa provided the following statement.
“In response to the claims made, Absa operates a defense in depth strategy to protect confidential customer information,” it said.
“Absa can confirm that we have not detected breaches or suspicious activity at this time. Absa works continuously with the industry, local and international law enforcement, and regulatory authorities to mitigate the potential risks or exposure to security breaches.”
MyBroadband also asked XDS, TransUnion, and Experian for their feedback.
“There have been statements and reports regarding an alleged data breach affecting XDS. We want to assure you that the security and privacy of your data remain our highest priorities,” said Jennifer Barkhuizen, head of marketing at Managed Integrity Evaluation (MIE), a division of Mettus.
Barkhuizen said they take N4aughtySecGroup’s claims seriously and are committed to maintaining the integrity of their systems.
“While we continue to monitor the situation closely, we have found no concrete evidence of any unauthorized access or breach of our data or systems,” said Barkhuizen.
“We will keep the public informed with any relevant updates.”
TransUnion said the security of the data it holds is a top priority.
“We constantly monitor our systems and remain vigilant against any potential threats. We have found no recent evidence that our systems have been inappropriately accessed,” it said.
Experian also said it found no evidence to indicate its systems or data were compromised.
“Data security has always been, and always will be, our highest priority,” an Experian spokesperson said.
“We constantly strive to provide secure systems and processes that reflect data security best practices to stay ahead of today’s increasingly sophisticated cyber criminals.”