1.7m Nedbank clients exposed after service provider hack
A Nedbank service provider’s IT systems have been breached, exposing the big four bank's personal information of up to 1.7 million clients.
In a statement this morning, the bank says it has investigated a data security issue that occurred at the premises of a third-party service provider, namely Computer Facilities.
Computer Facilities is a direct marketing company that issues SMS and e-mail marketing information on behalf of Nedbank and a number of other companies, says the bank.
It points out that a subset of the potentially compromised data at Computer Facilities included personal information (names, ID numbers, telephone numbers, physical and/or e-mail addresses) of some Nedbank clients.
However, it says no Nedbank systems or client bank accounts have been compromised in any manner whatsoever, or are at risk as a result of this data issue at Computer Facilities.
“Nedbank identified the data security issue at Computer Facilities as part of our routine and ongoing monitoring procedures,” the bank notes.
“Once we became aware of the issue, we engaged as a matter of urgency with the service provider and leading forensic experts to conduct an extensive investigation.
“We have moved swiftly to proactively secure and destroy all Nedbank client information held by Computer Facilities. Information from Nedbank Retail relating to approximately 1.7 million clients were potentially affected, of which 1.1 million are active clients.”
Nedbank says this incident is isolated to the third-party service provider’s systems. As a further precautionary measure, Computer Facilities systems have been disconnected from the Internet until further notice, it says.
“We regret the incident that occurred at the third-party service provider, namely Computer Facilities, and the matter is receiving our urgent attention,” says Nedbank CEO Mark Brown.
“The safety and security of our clients’ information is a top priority. We take our responsibility to protect our client information seriously and our immediate focus has been on securing all Nedbank client data at Computer Facilities, which we have done. In addition to this, we are communicating directly with affected clients. We are also taking the necessary actions in close cooperation with the relevant regulators and authorities.
Nedbank group chief information officer Fred Swanepoel says: “The third-party service provider did not have any links to our systems. Our team of IT specialists and external cyber security experts have been working continuously with them since we became aware of this matter.
“Clients’ bank accounts have not been compromised in any manner whatsoever and clients have not suffered any financial loss. Nedbank remains vigilant in its efforts to contain cyber crime.
“We have advised Computer Facilities of their obligation to notify any of their other customers potentially impacted by the incident.”