Experian data breach: ‘It’s not as bad as feared’

Experian states it has identified a suspect and obtained an Anton Piller or court order against them.
Image: Reuters

The data breach at credit bureau Experian Africa may not be as serious as first feared. The company said late on Wednesday that its investigations show that the compromised data was not used for fraud.

“Our investigations indicate that an individual in South Africa, purporting to represent a legitimate client, fraudulently requested services from Experian,” it said in a statement published on its website.

“The services involved the release of information that is provided in the ordinary course of business or which is publicly available. We can confirm that no consumer credit or consumer financial information was obtained,” it added.

“Our investigations do not indicate that any misappropriated data has been used for fraudulent purposes. Our investigations also show that the suspect had intended to use the data to create marketing leads to offer insurance and credit-related services.”

Earlier on Wednesday, the South African Bank Risk Information Centre (Sabric) said Experian had experienced a data breach that exposed the personal information of as many as 24 million South Africans and 800 000 businesses.

“Banks have been working with Experian and Sabric to identify which of their customers may have been exposed to the breach and to protect their personal information, even as the investigation unfolds,” Sabric said in a statement. “Banks and Sabric have also been co-operating with Experian in their efforts to secure the data and ensure the perpetrators are brought to book.”

Anton Piller order

Experian said in its statement that it has identified a suspect and obtained an Anton Piller or court order against them. This resulted in the suspect’s hardware being impounded and the misappropriated data being secured and deleted. “We are continuing the legal process in this regard, including co-ordination with law enforcement and relevant authorities,” it said.

Experian said that after it discovered the incident, it notified the National Credit Regulator and the Information Regulator. It insisted that its infrastructure, systems and database were not compromised.

© 2020 NewsCentral Media

Duncan McLeod is editor of TechCentral.

This article was first published on TechCentral, here.




Sort by:
  • Oldest first
  • Newest first
  • Top voted

You must be signed in and an Insider Gold subscriber to comment.


From Experian’s website…

“Experian unlocks the power of data to create opportunities for consumers, businesses and society.”

…..and for the thieves and fraudsters to boot!

How does a single person (so far ) download this amount of data – must have been with the full knowledge of the company that he/she worked for. Hope this story has a happy ending i.e. imprisoned for each count of data theft and no access to computers whilst in orange overalls

From what I could see the banks were telling us that it’s our problem that they give data to the bureaus and the bureaus have data breaches.

How about the banks take some responsibility for our money that we are forced, through legislation to give them AND for which they charge us?

If the bank has my money and my money goes missing, that is not my problem. The bank lost my money and must give it back.

The goverbment should not just trust the word of Experien. How many times have we had companies promise, ‘there is nothing to worry about’ when in effect there was plenty to actually not only worry about but literally the was more than enough to lose sleep over? Remember how seemingly reputable companies like KPMG resssuered the naton that there was nothing wrong, while in the meantime the State was being pillaged or banks like VBS were being held up and robbed blind from inside! The government should mot just take the word of Exoerian here too, it trust but verify, and put them on notice, ‘this happens again, you are out of here’, just like it should the criminally inclined audit firms. It makes no sense that Experian raised alarm, only to tell us, ‘oh, well …it was our wild imagination, there is nothing here.’ I contend there is more than meets the eye, and the goverbment regulatory body should see for itself, and satisfy itself and ensure all safegurds are taken to ensure the security of out data.

Experian should stop claiming nothing important was taken and specifically state what information was stolen. How hard can that be?

End of comments.



Subscribe to our mailing list

* indicates required
Moneyweb newsletters

Instrument Details  

You do not have any portfolios, please create one here.
You do not have an alert portfolio, please create one here.

Follow us:

Search Articles:
Click a Company: