SA-based debt collector hit by massive ransomware attack

Admire Moyo
By Admire Moyo, ITWeb's news editor.
Johannesburg, 22 Sept 2021

Debt-IN Consultants, a debt recovery solutions partner to many South African financial services institutions, says a ransomware attack by cyber criminals has resulted in a significant data breach of consumer and employee personal information.

In a statement, Debt-IN Consultants says it is suspected that consumer and personal information of more than 1.4 million South Africans was illegally accessed from Debt-IN servers in April.

However, it notes this breach only came to light last week, with the discovery that confidential consumer data and voice recordings of calls between Debt-IN debt recovery agents and financial services customers had been posted on hidden internet sites that are only accessible by a specialised web browser.

Debt-IN says it is working closely with the information regulator, law enforcement agencies and other cyber security partners to rapidly gather facts, resolve the issue and provide ongoing information to clients.

The Protection of Personal Information Act stipulates that in the event of a security compromise, a person or business that is responsible for personal information has to notify the Information Regulator, as well as any parties whose personal information has been accessed or acquired by an unauthorised party.

Debt-IN adds that while the investigations are ongoing and the analysis subject to change, the findings to date show there has been no further breach and enhanced data protection measures remain securely in place.

Calling in the experts

The company says it has taken immediate and appropriate actions to reinforce existing security measures and to mitigate any further potential impacts of the breach, including assembling a team of highly-regarded and globally-experienced cyber breach and forensic experts to work with Debt-IN on the incident.

“Debt-IN deeply regrets this cyber attack, and we apologise unreservedly for the inconvenience and anxiety the data breach has caused our clients, and their customers,” says CEO Mark Essey.

“We are taking this matter very seriously. In this age of highly-sophisticated information security threats and an estimated 17 billion cyber attacks around the world every day, Debt-IN is committed to doing all it can to protect clients’ information. We reiterate that we view this attack as the act of malicious cyber criminals. From the time this data breach was detected, our guiding principle has been to put our clients first, and we will continue to do so,” says Essey.

South African organisations are increasingly falling victim to ransomware attacks.

In late July, South Africa’s ports and railways were brought to a standstill as a cyber attack hit Transnet, the country’s rail, port and pipeline company.

The Department of Justice and Constitutional Development was also recently hit by a ransomware attack, which resulted in all electronic services provided by the department being affected, including the issuing of letters of authority, bail services, e-mail and the departmental website.

Also this month, the South African National Space Agency – a government agency responsible for the promotion and development of aeronautics and aerospace space research in SA – notified the public of a breach to its IT systems.

Larger targets

“The IT industry has seen a massive increase in ransomware attacks since the start of lockdown, when companies’ digital footprints increased as remote work became the norm,” says Marilyn Moodley, country leader for South Africa and West, East, Central Africa at SoftwareONE.

Problematically, she says, many organisations unfortunately only realise too late that ransomware protection is a business issue and not an IT issue.

Moodley points out that this past year, JBS SA, PPS and Life Health Care Group were some of the companies that made headlines after similar attacks – at massive cost not only from a financial perspective, but also in terms of downtime and job losses.

The Sophos State of Ransomware 2021 global report showed the average cost of remediating a ransomware attack in SA is R6.4 billion.

In the first 100 days of the lockdown alone, Mimecast researchers detected huge increases in spam attacks (up 46%), impersonation attacks (up 75%) and malware, which spiked by 385%.

Nearly half (45%) of the South African respondents said ransomware attacks had impacted their organisation.

“And not only large corporates are at risk – but attackers also see SMEs as an ideal target because they are unlikely to have sophisticated defences,” says Moodley.

Debt-IN says concerned customers and clients can direct their enquiries to the company at, or via toll-free number 0800 079 661.