You are currently viewing our desktop site, do you want to download our app instead?
Moneyweb Android App Moneyweb iOS App Moneyweb Mobile Web App

NEW SENS search and JSE share prices

More about the app

Liberty rejects extortion demands from hackers

Financial services group faces data breach scandal as client information is held to ransom.
Liberty’s Munro says the group engaged the hackers but made no concessions to the extortion. Picture: Supplied.

Financial services group Liberty said on Sunday evening that it has made no concessions to extortion demands from unknown hackers after the firm’s IT systems came under attack and the personal information of its clients was compromised.

During a press briefing, Liberty Group CEO David Munro described the attempt by hackers to obtain sensitive data as a “criminal act”.

Although Munro did not disclose a great deal of information about the identity of the hackers, the amount demanded or the number of affected clients, he did say that emails formed the bulk of the data stolen.

“It [the compromised information] seems to be emails and attachments. There is no evidence that customers have suffered financial losses … All policies and contracts remain in force,” said Munro.

“We are in full control of our IT environment. We deeply regret this act of criminality.”

Munro said specific and sensitive details about the data breach could not be disclosed as a criminal investigation is pending.

He said Liberty was alerted about the data breach on Thursday evening and alerted the authorities. However, Liberty sent out an SMS to its clients only on Saturday evening, informing them of the breach of security and unauthorised access to its IT systems by unknown hackers.

Asked why the group informed its clients two days after the initial alert on Thursday, Munro said the data breach was “out of the blue” and that these matters are “difficult to understand.”

He continued: “We can’t prepare for this [kind of] event. It took us a couple of days to get to the point where we could inform clients and understand the implications of the extortion attempts.”

He said the data breach has been limited to the company’s insurance operations in South Africa, and that its money management arm Stanlib has not been affected.

The hackers informed Liberty of vulnerabilities in its systems and demanded payment from the company, failing which they would release sensitive information about the firm’s clients to the public.

“We did engage the external party [the hackers] and we made no concessions to the extortion,” said Munro.

Liberty said that since becoming aware of the security and data breach, it had taken immediate steps to secure its computer systems and had launched an investigation into the incident.

“We are on top of the situation and working hard to protect customers,” said Munro. “We have devoted all efforts to protect customers and [their] details. We have assembled a full team of technology specialists that specialise in incidents like this. No money has been spared.”

Data breaches are a rising threat across industries, and regulations over personal information have toughened up in recent years. Such regulation includes the Protection of Personal Information Act, which puts the onus on companies to store, protect and safely destroy personal information.

A recent report by Australian cybersecurity researcher Troy Hunt along with Tefo Mohapi from iAfrikan Digital revealed that the sensitive personal information of nearly one million (934 000) South Africans who pay their traffic fines online had been publicly leaked. This leak contained identity numbers‚ email addresses‚ full names and passwords.

A similar breach of personal information occurred in 2017 when the records of over 60 million South Africans were compromised.




Sort by:
  • Oldest first
  • Newest first
  • Top voted

You must be signed in and an Insider Gold subscriber to comment.


Well done to Liberty for standing firm. One should never compromise and give in to extortion or criminal demands. Never, ever.

Mr David Munro, customers though, could in any case not have suffered any financial loss as a result of this IT breach as it clearly resorts under the responsibility and accountability of Liberty Life and any such potential loss can not become a customer risk.

Nice block France, killed that ” who carries the risk ” question dead. Disconcerting that you had to raise it and not Munro. I hope that other financial institutions are not asleep at the wheel like Liberty. Just because we are small does not mean that no one will see us as a target.

One can only hope that their information will not be used by this criminals

As long as they protect the client data

“Dear Hacker”. Herewith my Liberty RA Fund policy number. PLEASE ADD a zero behind my fund value! 😉 Will pay commission in crypto” *lol*

(Make one think of the possibilities…. 😉
How about hacking SARS & remove a zero from taxpayers still owing SARS? A zero moved from elsewhere to another, balances the net effect out, right? 😉

End of comments.





Follow us:

Search Articles:
Click a Company: