Nedbank is investigating a cyber hacking that occurred at one of its service providers, Computer Facilities, which issues SMS and email marketing information on behalf of the bank and other companies.
According to a statement issued by Nedbank on Thursday morning, a subset of the potentially compromised data at Computer Facilities included some Nedbank clients’ personal information.
“No Nedbank systems or client bank accounts have been compromised in any manner whatsoever or are at risk as a result of this data issue at Computer Facilities” the statement reads.
“Nedbank identified the data security issue at Computer Facilities as part of our routine and ongoing monitoring procedures.”
The bank says once it was aware of the cyber breaching it urgently contacted the service provider and leading forensic experts to conduct an extensive investigation.
“We have moved swiftly to proactively secure and destroy all Nedbank client information held by Computer Facilities. Information from Nedbank Retail relating to approximately 1.7 million clients [was] potentially affected, of which 1.1 million are active clients,” it stated.
The bank says that as a precautionary measure, it has disconnected Computer Facilities’ systems from the internet.
Nedbank CEO Mike Brown said it regrets the incident.
“The safety and security of our clients’ information is a top priority. We take our responsibility to protect our client information seriously and our immediate focus has been on securing all Nedbank client data at Computer Facilities, which we have done,” says Brown.
Brown says it’s communicating with the affected clients.
The following alert was sent to one of Moneyweb’s staff members, who is a Nedbank client, on Thursday afternoon:
“We are also taking the necessary actions in close cooperation with the relevant regulators and authorities,” Brown says.
Fred Swanepoel, Nedbank group chief information officer, says the third-party service provider did not have any links to its systems.
“Clients’ bank accounts have not been compromised in any manner whatsoever and clients have not suffered any financial loss. Nedbank remains vigilant in its efforts to contain cybercrime,” Swanepoel says.
The bank said there’s no need for clients to take any further action other than continuing to be vigilant against fraud attempts.