Counting the cost of Liberty’s cyber attack 

The firm could face civil lawsuits from its clients or a fine from the information regulator.
Liberty Group CEO David Munro. Picture: Supplied

Liberty could face massive fines through civil lawsuits or from a government-mandated information regulator after falling victim to a cyber attack by unknown hackers.

The financial services firm is fighting to prevent the release of clients’ personal information after its IT systems came under attack on Thursday by hackers who demanded payment.

Insurance companies process and store the sensitive data of millions of clients, including their ID numbers, medical reports and banking details.

Civil claims from aggrieved clients could potentially emerge on the basis of their right to privacy being infringed, while fines as high as R10 million for each data breach incident could be levied under the Protection of Personal Information (Popi) Act.

The Popi Act, introduced when government realised that data breaches were a rising threat across industries, puts the onus on companies to safeguard the collection and storage of personal information. While much of the act has not yet been enacted into law, advocate Pansy Tlakula has been appointed as information regulator. Her office has vowed to revisit past data breach incidents. 

This means that Liberty’s data breach might be reviewed once the Popi Act is enacted into law, says Santho Mohapeloa, digital distribution specialist at SHA Specialist Underwriters. If the data breach occurred as a result of a contravention of Popi, then the principle of strict liability would apply – subject to a responsible party being found to have failed to comply with the act.

Listen to the podcast: Liberty data breach: it could happen to any corporate

A fine would be warranted if Liberty’s IT systems were found by the regulator to be poor.

Liberty sent out an SMS on Saturday evening to its clients informing them of the breach of security and unauthorised access to its IT systems. Liberty Group CEO David Munro confirmed on Sunday evening that “criminals” accessed an e-mail server and attachments of its core South African Liberty insurance business.

Liberty did not disclose a great deal of information about the number of affected clients, and Munro said it has since dispatched a team of IT and security specialists to investigate the breach. He said Liberty clients would not suffer any financial loss from the cyber attack. 

Mohapeloa said averting financial losses would not absolve Liberty from civil lawsuits as its clients could argue that the cyber attack caused personal damages. “There is an over-emphasis by companies on the actual money being stolen after a data breach, but people forget what criminals can do with the information,” he says. “It could lead to extortion and identity theft.”

Andrew Chester, MD of technology and security specialist firm Ukuvuma Cyber Security, said the onus was on Liberty to ensure that customer data was secure.

Chester said the cyber attack could end up costing Liberty “millions in real and reputational damage” in light of the recently introduced General Data Protection Regulation, a European Union law that toughens the protection of personal information. He said Liberty has European stakeholders, who also have to be informed about the data breach.

“Should client personal data leak onto the dark or public web, a lot of personal liability issues become a reality for Liberty.”



Sort by:
  • Oldest first
  • Newest first
  • Top voted

You must be signed in and an Insider Gold subscriber to comment.


Well, as much as the hack was illegal, this is the price Liberty will have to pay for NOT securing their (clients’) data correctly. It’s almost inconceivable that a company with their reputation would literally be “caught with their pants down”, but it simply goes to show that we take so much for granted when dealing with these companies that they appear to take advantage of this and “cut corners” to reduce their operating costs.

I hope this incident will ensure that all the other companies check their own systems and do the necessary to avoid similar hacks and protect our private information.

Indeed: BS really does baffle brains.

I still have a few Liberty policies and this is most unfortunate and a bit worrying. However……..

This article and some of the comments says it all about society today in SA and also offshore.

SFA to contribute to assist in fixing a worldwide and very difficult problem that is in fact relatively (unnerstand that word?) new.

So much easier and more flattering to the ego, to blame, attack, threaten, fine, destroy. That is what one does when you have SFA of consequence to say or do.

Is there a guvmint agency that does research and development into minimizing (not you cannot stop it) cyber crime and that offers recommendations and assistance to all- it does not have to be free?

Then comes:
-a “government-mandated information regulator” to add more damage via fines (tax to prop up a failed state)

-every man and his dog, with greed dripping from his/her mouth, looking for cash out of lawsuits.


Pacaratac if i can like your comment twice, i will,what other measure govt have in place to prevent the crime

End of comments.




Instrument Details  

You do not have any portfolios, please create one here.
You do not have an alert portfolio, please create one here.

Follow us:

Search Articles:
Click a Company: