Nedbank has announced that a security breach at a third-party supplier has compromised the details of approximately 1.7 million clients.
The breach was discovered at Computer Services Ltd, a service provider that issues SMS and email marketing on behalf of Nedbank. Nedbank detected the breach while a routine and ongoing monitoring procedure was underway.
In a statement Nedbank said: “A subset of the potentially compromised data at Computer Facilities included personal information, includes names, ID numbers, telephone numbers, physical and/or email addresses of some Nedbank clients.
“No Nedbank systems or client bank accounts have been compromised in any manner whatsoever or are at risk as a result of this data issue at Computer Facilities (Pty) Ltd. Once we became aware of the issue, we engaged as a matter of urgency with the service provider and leading forensic experts to conduct an extensive investigation.”
Nedbank clients’ bank accounts are not at risk and they do not need to take any further action other than continuing to be vigilant against attempts at fraud.
Nedbank has destroyed all client information stored on Computer Facilities (Pty) Ltd. facilities. Nedbank’s system has in no way been compromised and the incident is isolated to the service provider. Computer Facilities’s systems have been disconnected from the internet until further notice as a precautionary measure.
“We regret the incident that occurred at the third-party service provider, namely Computer Facilities (Pty) Ltd and the matter is receiving our urgent attention. The safety and security of our clients’ information is a top priority. We take our responsibility to protect our client information seriously and our immediate focus has been on securing all Nedbank client data at Computer Facilities (Pty) Ltd, which we have done. In addition to this, we are communicating directly with affected clients. We are also taking the necessary actions in close cooperation with the relevant regulators and authorities,” Nedbank CEO Mike Brown says.
Nedbank Group Chief Information Officer Fred Swanepoel says: “The third-party service provider namely, Computer Facilities (Pty) Ltd did not have any links to our systems. Our team of IT specialists and external cyber security experts have been working continuously with them since we became aware of this matter. Clients’ bank accounts have not been compromised in any manner whatsoever and clients have not suffered any financial loss. Nedbank remains vigilant in its efforts to contain cyber-crime.”
Computer Facilities (Pty) Ltd is obligated to notify any of their other customers potentially impacted by the incident.
If you have any questions or concerns, contact Nedbank’s call centre on 0860 775 775 or email: [email protected].