Subscribe
About
  • Home
  • /
  • Security
  • /
  • Experian data breach fraudster re-arrested, denied bail

Experian data breach fraudster re-arrested, denied bail

Admire Moyo
By Admire Moyo, ITWeb news editor.
Johannesburg, 17 Mar 2023

Convicted Experian data breach fraudster Karabo Phungula is expected to be sentenced on 24 March.

This, after he was yesterday denied bail at the Palmridge Specialised Commercial Crimes Court for failing on several occasions to appear in court for his sentencing.

After his failure to appear in court, a warrant for his arrest was issued by the Palmridge Specialised Commercial Crimes Court on 1 March.

The Hawks Serious Commercial Crime Investigation unit acted on intelligence information and re-arrested the convicted businessman on 13 March.

He then appeared in court, where he was remanded in custody for his next court appearance on 16 March for enquiries and further sentencing.

In a statement issued yesterday, SAPS says: “The case against the convicted businessman Karabo Phungula was remanded to 24 March for sentencing. The Hawks successfully opposed his bail bid as he has absconded several times before.”

Phungula was found guilty and convicted by the Palmridge Specialised Commercial Crimes Court in October 2022 for illegal acquisition of the personal and business data of many South Africans from data services firm Experian.

In August 2020, credit bureau Experian suffered a data breach that exposed the personal information of as many as 24 million South Africans and 793 749 business entities.

One month later, it emerged that some data from the credit bureau was compromised and subsequently leaked on the internet.

In another incident, attempts were made to sell the leaked data on a dark web marketplace that was not generally available to the public.

The State charged that Phungula not only fraudulently obtained the data but also planned to sell it for more than R4 million. Phungula impersonated a businessman who was authorised to have the information.

The credit bureau detected the breach on 20 July, more than 50 days after the data had already been transferred.

Share