Experian South Africa – a company that offers medium and large businesses consumer, business and credit data, marketing services and business decision analytics – said they have identified a suspect in the data breach reported on Wednesday, August 19. The company reportedly obtained and made use of an Anton Piller order to impound the suspect’s hardware.
The Anton Piller order is defined as a court order that “requires the defendant in proceedings to permit the plaintiff or his or her legal representatives to enter the defendant’s premises in order to obtain evidence essential to the plaintiff’s case”, according to PPM Attorneys.
During the data breach, the suspect accessed the personal information of approximately 24-million South Africans.
“We are continuing the legal process in this regard, including coordination with law enforcement and relevant authorities,” Experian said in a statement.
According to the company, ongoing investigations have revealed that a South African individual managed to hack the system by pretending to be a legitimate client, and fraudulently requested Experian services. These services involved providing the “client” with information that is already publicly available. They added that the South African bureau’s infrastructure, datatbase and systems had not been “compromised”.
“We can confirm that no consumer credit or consumer financial information was obtained. Our investigations do not indicate that any misappropriated data has been used for fraudulent purposes. Our investigations also show that the suspect had intended to use the data to create marketing leads to offer insurance and credit-related services,” Experian said. “Furthermore, upon discovering the incident, Experian South Africa notified the National Credit Regulator and the Information Regulator of the incident. We have also been engaged with Banking Association South Africa (BASA), South African Banking Risk Information Centre (SABRIC) and the prudential authority at the South African Reserve Bank (SARB).”
Anyone who has concerns that they may have been affected by the data breach is advised to visit www.mycreditcheck.co.za to access their free personal credit report.
On Wednesday, both SABRIC and banks were working with Experian to secure their data and ensure the suspect was brought to book.
“The compromise of personal information can create opportunities for criminals to impersonate you but does not guarantee access to your banking profile or accounts. However, criminals can use this information to trick you into disclosing your confidential banking details,” said SABRIC chief executive officer, Nischal Mewalall, said to BusinessTech.