Subscribe
About

Data from Experian breach dumped on the Internet

Admire Moyo
By Admire Moyo, ITWeb news editor.
Johannesburg, 02 Sep 2020

Some data from credit bureau Experian that was recently compromised has been leaked on the Internet.

Experian made headlines after it experienced a data breach which exposed the personal information of as many as 24 million South Africans and 793 749 business entities to a suspected fraudster.

According to a report by iAfrikan, after investigations and a tip-off, the alleged Experian database, as mentioned to be part of the data breach, is available on the Web on publicly viewable Web sites and forums.

In a tweet, data breach and record exposure search engine Have I Been Pwned says: “Experian South Africa had tens of millions of personal records breached last month. Only 1.3 million contained e-mail addresses, with others including government-issued IDs, names, addresses and employment info. 66% were already in @haveibeenpwned.”

Experian yesterday issued a statement saying: “Experian continues to investigate the isolated incident in South Africa involving fraudulent data inquiry.”

According to the credit bureau, as part of the investigation, “we have identified files which we believe contain Experian data relating to the incident on the Internet. We continue to investigate these files and we will take all steps available to us to reduce further dissemination if possible.

“We can confirm that a criminal case was opened last week in South Africa and the matter is now in the hands of law enforcement.

“Our priority remains on supporting consumers and businesses in South Africa. When we first became aware of the fraudulent incident, we took immediate steps to make sure that individuals and businesses in South Africa could take steps to protect themselves.”

The company says the fraudster obtained business information on some South African business entities.

“We reiterate, however, that no sensitive consumer credit or financial information was obtained by the fraudster in this incident.

“We continue to advise any individual who has concerns about their data to check their credit report by visiting www.mycreditcheck.co.za, which they can do for free, for life. They will also receive free SMS alerts when a credit enquiry is made on their credit report from now until 1 March 2021.”

Amid the spike in data breaches in SA, the Information Regulator recently told ITWeb that in the last four months, the regulator has recorded 25 data breaches, 19 of which were self-reported.

Experian and the Information Regulator issued a joint statement saying an individual purporting to represent a legitimate client of Experian South Africa fraudulently requested services from Experian.

They said the services involved the release of consumer information which included telephone numbers and in some instances an address and employment details of individuals.

No consumer credit or financial information was obtained by the fraudster in this incident, they said, adding the fraudster also obtained bank account numbers on some business entities.

Share