Insurance and financial services firm Liberty has disclosed a data breach, which exposed the personal information of its customers.
In a statement yesterday, the company says it detected unauthorised third-party access to select data systems, and immediately took steps to contain and mitigate the impact.
“Our services remain unaffected, fully operational and available to all our clients, advisers and employees,” says Yuresh Maharaj, CEO of Liberty.
“Our team, supported by experts, has launched a full investigation into this incident. We operate within a robust regulatory framework and fully comply with all applicable obligations. We are notifying all affected clients. We regret any concern this may have caused.”
A Liberty client who called the company after the breach told ITWeb that they were informed by the insurer that the compromised personal information includes ID numbers and names.
An SMS sent to Liberty clients reads: "Liberty recently detected unauthorised access to your personal information. Your policies and investments remain secure and our services are running normally."
South Africa’s Protection of Personal Information Act places a legal obligation on organisations to act swiftly in the event of a data breach.
The law requires responsible parties to notify the Information Regulator as soon as reasonably possible after becoming aware of a compromise involving personal information.
In addition, companies must inform affected data subjects without undue delay, providing sufficient detail about the nature of the breach, the potential consequences, and the measures being taken to address it.
The aim is to ensure transparency, enable individuals to take protective action, and strengthen accountability in how organisations safeguard personal data.
Following the data breach, Liberty is urging clients to maintain strong digital hygiene practices, including exercising caution when receiving unexpected e-mails, phone calls or text messages claiming to be from the company or other trusted organisations.
Customers are advised not to click on suspicious links or open attachments from unknown senders, and to never disclose passwords, PINs or one-time PINs, SMS or e-mail.
Liberty also recommends that clients remain vigilant by regularly monitoring their accounts, statements and credit profiles for any unusual activity, while ensuring they use strong, unique passwords and enable multi-factor authentication wherever possible.
The incident comes as South Africa is facing a sharp rise in data breaches, with new research indicating a sustained increase in both the frequency and financial impact of cyber incidents across sectors.
Last week, ITWeb reported that JSE-listed companies could lose as much as 30% of their share value following a crisis such as a cyber attack, in an environment where hacks are surging even as response times improve.
Threats per week are growing, with Check Point Research saying that in January, South African organisations faced an average of 2 145 cyber attacks per week, a 36% increase year-on-year. The global average was 2 090.
This is not the first time that Liberty has suffered a cyber attack. In 2018, the company also experienced a breach and informed its clients: “An external party has gained unauthorised access to Liberty Group's IT infrastructure.”
In a message addressed to clients, it told its customers about the security breach, noting that compensation had also been requested.
Share
