[ad_1]
(Getty)
- The Experian credit bureau now says it has found information apparently from a leak in its database “on the Internet.”
- The company gave the personal details of millions of South Africans, and company bank account numbers, to someone it describes as a scammer.
- He initially said that he had contained the breach, but did not mention that this took three months.
- He then said that he had reason to believe that the information had not spread further during that period.
- For more stories, visit www.BusinessInsider.co.za.
Information apparently gleaned from a massive data breach is “on the Internet,” the Experian credit bureau admitted Tuesday night.
To date, the company has insisted it had contained the breach, after handing over data on millions of South Africans and company bank account details to someone it describes as a scammer.
Now he says it will work to stop further dissemination of information.
As part of its investigation, “we have identified files that we believe contain Experian data related to the incident on the Internet,” Experian said in a statement.
“We continue to investigate these files and will take all steps in our power to reduce disclosure if possible.”
It also claimed, in direct contradiction to a timetable it has confirmed, to have taken “immediate steps to ensure that individuals and businesses in South Africa can take steps to protect themselves” once they became aware of the infringement.
Experian announced the breach publicly in August, and banks began issuing warnings to their clients that the leaked information could be used to scam them.
What the company did not mention, until asked by Business Insider South Africa, was that it had released the information in late May and noted that it had done so almost two months later, in July.
See also | SA’s massive data breach occurred in May and took nearly three months to ‘contain’
It took almost another month to investigate and obtain a private seizure order to recover the hardware on which the data had been stored.
Only after that did Experian inform consumers about the breach.
Having confiscated the hardware, the company said, it had contained the incident.
“We have been monitoring the various platforms (ie the dark web) to determine if the data is being offered for sale. We also employ a leading digital forensic investigator to assist us with our efforts,” said Experian, when asked by Business Insider. how I knew that the information had not been sold or distributed in the nearly three months that I was with the “scammer.”
“In addition, from our internal investigations, we determine that the fraudster conducts a market for credit and insurance services and uses the information to contact consumers in order to offer services to consumers.”
Experian has not said how it was initially unable to detect the spread of the information, or exactly how it intends to contain the data this time.
Receive a daily update on your cell phone with all our latest news – click here.
Get the best of our site by email daily: Click here.
Also from Business Insider South Africa:
[ad_2]
