You are currently viewing our desktop site, do you want to download our app instead?
Moneyweb Android App Moneyweb iOS App Moneyweb Mobile Web App

Absa’s data leak explained

Involved ‘unlawful’ leaking of client information by an employee.
Image: Moneyweb

Absa has been hit by a data leak, which the banking group said on Monday evening was limited in nature, but which involved the “unlawful” leaking of client information by an employee.

Absa said on Monday evening in an e-mailed statement to TechCentral that the employee had “unlawfully made customer data available to a small number of external parties”.

“Absa advises that an employee has unlawfully made selected customer data available to a small number of external parties. The leaked data relates to a small portion of Absa South Africa’s customer base, although investigations continue,” it said. The bank did not immediately say what type of information was handed over.

It did not say when the leak happened.“Upon discovering the contravention, Absa secured high court orders that enabled search and seizure operations at various premises and secured all devices containing the data. The data on these devices was subsequently destroyed,” the bank added.

Enhanced monitoring
“Absa has enhanced the monitoring of customer accounts that have been affected to date and is contacting customers directly,” it said.

“Absa has brought criminal charges against the employee, and internally the requisite consequence management has been undertaken.

“Absa may take further action in relation to the recipients of the data once the full scope of the leak is identified and all investigations are completed.”  — (c) 2020 NewsCentral Media

Duncan McLeod is Editor of TechCentral.

This article was first published on TechCentral here.


Sort by:
  • Oldest first
  • Newest first
  • Top voted

You must be signed in to comment.


Not the first time ABSA have had such “interventions” by staff – have they not learnt anything from previous leaks

You ain’t seen nothing yet: recently a bank system displayed personal details down to passwords online. Screen offered downloadable to Excel option of the data.

In fairness to other banks: it was Standard Bank.

Well I am not surprised considering how they treat their so called “associates”.
My wife gave them 6 hard years and week 2 into lockdown in April came the email – totally unexpected. You’re outta here. Zero compensation or assistance as she is an IT consultant.

Suddenly they have discovered they have lost most of their Skills Levy spend due to lack of Training – and now 6 months later have come crawling back with tail between their legs asking her to come back.

No sorry we screwed up or any remorse for the upheaval caused in our house for absolutely no reason.

I told her to flip them the bird – but it is not in her nature.

Really bad human resource management at ABSA.

Sorry to hear of your spouse’ ordeal with ABSA retrenchment. Always traumatic to say the least 🙁

Good thing her skills are in short supply 🙂

Reminds me of STD Bank trimming its IT dept staff some years ago, and then why one is surprized to hear of data leaks or external hacks.

(For your wife next 2021 SARS return, those few months being unemployed, will work marvels for her tax refund come next year…it could run into the tens of thousands of rands (depending on her annual income level, and the number of months unemployed)

Thanks for the heads up on the Tax front and appreciate it. Will definitely follow that up.
As you mentioned about Standard Bank my neighbour worked in their Talent and Training dept as well and was retrenched in 2018. Has still not been able to find gainful employment being the of the wrong hue and age……
And I have decided to take my wife on in my own IT business. My best BEEEEEE ticket I have for now.Hehhehehe

@Gil. Good for you sir! (…taking on your wife as IT specialist). Later on all these small non-BEE compliant IT companies are left with the skills.

“Data was destroyed.”

Yeah, right. The minute it goes outside, it can no longer be destroyed.

They have got everything from names, contact details, IDs, account details. Yesterday I received an SMS from Woolies with my initials and surname saying I can get an extra 10% off if I open an account. I was wondering how did they get my details and later on I received an email from absa saying my details were leaked.

Companies that use databases must be legally obliged to have assured themselves that the data was legally obtained. Woollies (if this was from the stolen data) spends inordinate effort on their goods supply chains to ensure it is from certified regulatory compliant ethical etc sources. Why not their data?

I agree Johan. Khande, may I suggest you ask WW Financial Services where they obtained your details from? It’s only a fair question.

Thank Goodness I dnn’t bank with ABSA. Don’t staff undergo onboarding orientation, and further training down the line that should include training ethics and code of conduct anymore? And importantly, what is it with employers who don’t throw a book at these errant employees?

Its getting increasingly difficult with all these bank connected scandals to know who exactly to fear? Is it the pickpocket plying his trade in the bank lobby pretending to be filling forms, while s/he is marking people making large deposits or withdrawals (while bank employees paid by the hour, are just milling around purposelessly), or the person behind the teller machine to whom you are handing your valuables!!!

Besides the ethics of the staff, one expects that a bank has systems in place that prevent pilferage. It is not difficult to make sensitive data system-bound by disabling copy paste, downloads, USB drive copying, screen scraping, monitoring, etc.

I secretly long for the days of 3270 screens and mainframe computer security – the control freak in me.

The leak may be explained but the time, money and effort I’ll have to expend fighting SPAM and cold-callers is not explained.

And let’s hope no actual fraud is perpetrated. More time, more money, more affidavits. Speaking out of experience.

Pity it’s not past 30 June 2021.

End of comments.





Follow us:

Search Articles:Advanced Search
Click a Company: