SA banks caught up in ransomware attack on debt collector

By Admire Moyo, ITWeb's news editor.
Johannesburg, 23 Sept 2021

South African banks have acknowledged some of their customers’ data was compromised by the cyber attack on debt recovery solutions provider Debt-IN Consultants.

ITWeb yesterday reported that debt collector Debt-IN was hit by a ransomware attack which exposed as many as 1.4 million personal records of South Africans.

Debt-IN, a debt recovery solutions partner to many South African financial services institutions, said the ransomware attack by cyber criminals resulted in a significant data breach of consumer and employee personal information.

FNB, Absa, Standard Bank and African Bank are some of the financial institutions that make use of Debt-IN’s services, and have confirmed the impact of the cyber attack on their businesses.

The debt collector believes it was attacked in April, but only discovered the breach last week – about five months later.

Says FNB in a statement to ITWeb: “FNB has been made aware of a data breach that has impacted Debt-IN, a third-party provider of debt recovery services.

“The bank takes the protection of customer information and privacy very seriously. As a result, we are communicating directly to customers whose information may have been exposed. Furthermore, we are exercising our legislative obligations in line with data privacy and protection guidelines.”

Repairing the rupture

Absa notes it is aware of the breach, which includes a small portion of its customer data and voice recordings.

“Absa is working closely with the third party to investigate the cause of the breach and to prevent any further data being exposed as a result of this incident. Furthermore, the bank has taken additional precautions and has heightened monitoring of these customer accounts.

“Specifically, all Absa’s customer information from the service provider has been recalled and all data transfers have been suspended with immediate effect. An independent review of the service provider’s IT environment has also been initiated. Absa will notify impacted customers directly.”

The big-four bank says customers who notice suspicious activity are requested to contact the Absa fraud hotline on 0860 557 557.

“As an added measure, Absa also offers a free digital fraud warranty for customers using our mobile app,” says the bank.

Yesterday, African Bank issued a statement confirming Debt-IN was targeted by sophisticated cyber criminals in April.

African Bank notes that at the time, expert security advice concluded there was no evidence the ransomware attack had resulted in a data breach.

It adds that Debt-IN is now aware that the personal data of certain customers, including a number of African Bank loan customers under debt review, has been compromised.

According to the bank, Debt-IN is confident no data shared post-1 April 2021 has been compromised. A robust mitigation plan has been implemented by Debt-IN to contain and reduce any further adverse impact, it notes.

“We have been collaborating with Debt-IN to address this breach,” says Piet Swanepoel, chief risk officer of African Bank.

“We have notified the relevant regulatory authorities and we are also in the process of alerting customers who have been affected, via e-mail and SMS.”

As an additional precautionary step, African Bank’s fraud prevention team has enhanced security measures to protect all customers, says the bank.

Standard Bank says it is treating this incident, and the investigation surrounding it, with the utmost priority while working closely with Debt-IN, the relevant authorities, the South African Banking Risk Information Centre, the Southern African Fraud Prevention Service and the Banking Association of South Africa to mitigate any potential impact.

“We apologise for the anxiety that this incident is causing our impacted clients. We would also like to assure them that, if they have not been contacted by Standard Bank, they have not been impacted.

“Standard Bank is doing everything possible to ensure that our clients are protected from potential fraudulent use of their personal information. We have already proactively stepped up our authentication processes and our fraud prevention and detection strategies to protect our clients.”

The bank says clients who suspect that their bank accounts or cards have been compromised should contact it on 0860 123 000 or contact their relationship manager directly.

Nedbank says it has not been impacted.

Worrying trend

The Southern African Fraud Prevention Service (SAFPS) comments that since government imposed the national lockdown, there has been a significant move towards social distancing, and essential services within the financial services industry have moved online.

“Criminals have also moved online,” says Manie van Schalkwyk, CEO of SAFPS. “It is estimated there are 17 billion cyber attacks that take place around the world every day.”

According to SAFPS, over the past two years, more South African companies have been reporting they have been victims of cyber attacks and data breaches. This includes Experian (July 2020), Absa (November 2020) and Transnet (June 2021). In the Experian and Absa breaches, personal information of consumers was compromised, it says.

The Department of Justice and Constitutional Development was also recently hit by a ransomware attack, which resulted in all electronic services provided by the department being affected, including the issuing of letters of authority, bail services, e-mail and the departmental website.

Also this month, the South African National Space Agency – a government agency responsible for the promotion and development of aeronautics and aerospace space research in SA – notified the public of a breach of its IT systems.

Dalene Deale, executive head of Secure Citizen, an entity created through collaboration with the SAFPS and OneVault in response to a rapid growth in identity theft following online fraud, says: “Fraudsters do not discriminate. As we continuously move towards the adoption of a digital and more importantly ‘touchless’ era, the platform for fraud increases.

“Thanks to an increase in data breaches, fraudsters are motivated and armed with the correct information, meaning they are very capable of impersonating an individual. The impacts of this are catastrophic,” says Deale.

Van Schalkwyk points out that the Debt-IN data breach is concerning as the records of 1.4 million South Africans have been compromised.

“In a country where identity fraud is common practice, this is extremely concerning. It is critical that consumers act now before significant fraud is unknowingly committed on their behalf.”