Sable International, a global financial and immigration services firm, has become a victim of a “sophisticated” cyber attack.
In a statement, the firm says it has reported the breach to the relevant regulatory and law enforcement authorities in South Africa and the UK.
Under SA’s data privacy law − the Protection of Personal Information Act − organisations that suffer data breaches must inform the Information Regulator.
Founded by South African-born Reg Bamford, Sable International offers its services to expats and high-net-worth individuals.
The company notes it has always prioritised the highest level of data and IT system integrity.
“Despite the robust measures we have in place, we have nonetheless become a victim of a sophisticated, criminal cyber attack,” it says.
The Sable International attack comes as the cost to recover from data breaches continues to rise for South African organisations.
IBM’s newly-released 2024 Cost of a Data Breach Report shows data breach mitigation in SA now costs R53.10 million per incident, on average. This figure is up from R49.45 million in 2023.
The last few years have seen local organisations, particularly government entities, healthcare and financial firms, falling victim to attacks and data breaches, or being forced offline.
This led to the Information Regulator, SA’s data privacy enforcer, noting the alarming rate at which data breaches are increasing in the country.
In the 2022 financial year (February 2023), the watchdog said it received 500 notifications of data breaches or security incidents. In the 2023 financial year (February 2024), the number spiked to over 1 700 reported security compromises – more than triple.
“We have launched an extensive internal investigation into the extent of the data breach. The current results of our investigation show that, at this stage, a limited number of clients have had their personal data compromised,” says Sable International.
“We have already contacted these clients and are working with them to help mitigate the risk posed by this incident. Our investigation is ongoing, so should we become aware that any further clients have been impacted, we will contact them immediately.”
The company adds it has come to its attention that some clients have been sent e-mail communication that originates from the hacker, and it is asking that if clients receive such a communication, that they do not respond, and contact the firm immediately.
“Since this attack, our number one priority has been to take every measure possible to protect our clients’ information and the future integrity of our systems. As a security measure, we have also proactively shut down our server, website and transactional portal, while we manage this incident.”
At the time of writing, the company’s website was still down.
The firm points out it is of the utmost importance to remain personally available to clients during this time.
Bamford, group CEO of Sable International, says: “I am devastated at this attack and we’re doing everything we can to protect the interests and security of our clients.
“I would like to apologise to our clients about what has taken place, and to express our deep appreciation of their support during this difficult time. We are here to help them as best we can.”
Share