Questions about Pam Golding data breach

Several people who received notifications from Pam Golding Properties about a recent data breach say they have never been customers or interacted with the company in any way, asking how it obtained their information in the first place.

Pam Golding recently notified many people that their personal details were accessed after its customer relationship management (CRM) system, Alchemy, was accessed by an unauthorised and as-yet unknown third party.

“The information accessed by the threat actor is dependent on the type of information that we have stored on the Alchemy System for a particular client,” Pam Golding stated.

“For example, your name and contact details, and in some cases, identity numbers.”

The property company said the third party gained unauthorised access to its system using a user account on Friday, 7 March 2025.

The property company assured that any electronic copies of client documents provided to them were not accessed or viewed by the third party.

MyBroadband has been contacted by several people whose data was compromised, and they are questioning how Pam Golding obtained their data in the first place.

Asked about this, Pam Golding explained that every contact with the company is stored in its system, which is hosted on a server in South Africa.

“A contact is someone who interacts with the company and includes a buying, selling, renting or letting enquiry, evaluation request, and someone who has asked to receive newsletters or information from us,” a spokesperson told MyBroadband.

People who wanted to be notified regarding new property listings were also part of the database.

“It was not limited to someone who transacted through the company,” the spokesperson said.

“This includes anyone with whom we have had telephonic contact regarding their enquiry or enquiries and who has then opted out — in order that we can ensure they are not contacted again via any of our offices.”

Data accessed from outside South Africa

Pam Golding notified affected people on Tuesday that it had detected unauthorised access of its CRM system.

It assured that no banking details, financial information, commercial information, and other documents were compromised. It also said only some clients were impacted.

“As soon as we became aware of the security compromise, we took immediate action to secure our systems and removed all unauthorised access,” Pam Golding stated.

“While investigating the impact of this incident, we also immediately began implementing steps to contain the incident and prevent any further compromises.”

It said the affected user accounts have been secured, all active sessions have been terminated, and user account passwords have been reset system-wide.

“We have reviewed all system access logs to determine the extent of the breach and identify any affected data,” Pam Golding said.

“We are patching any potential vulnerabilities and reinforcing our security protocol, and implementing additional monitoring tools to detect and respond to any future potentially suspicious activity.”

Pam Golding said they have notified those affected by the compromise in terms of the Protection of Personal Information Act (POPIA), and reported details of this matter to the Information Regulator as required by law.

“We have also reported it to South African Police Service and a case number has been allocated,” it said.

Additionally, Pam Golding said it appointed independent cybersecurity specialists to investigate the incident and said it would adopt any appropriate recommendations regarding its access control measures.

“While we are still in the process of fully investigating this incident, we will be implementing additional security measures to protect all information and to minimise the effect of this security compromise,” it said.