[ad_1]
The person behind the recent Absa data breach He was a credit analyst at the bank who had access to risk modeling systems and confidential customer information.
The employee, whom Absa said he trusted, leaked the customer’s data to an external platform and then sold it to third parties.
These are comments from Absa’s security director, Sandro Bucchianeri, who was talking to ENCA about data breach.
Bucchianeri first learned of the data breach on October 27, after which they informed the Information Regulator about it.
About a month after being first alerted to the data breach, Absa sent an email to affected customers warning them that their personal information had been shared with third parties.
He said communication with clients was delayed to ensure they did not compromise the investigation, which was undergoing judicial process at the time.
To date, Absa has not provided many details on the number of customers affected and the person behind the leak, but Bucchianeri has now shed more light on the issue.
It said that Absa’s credit analyst sold private information about its retail banking clients to third parties.
While Bucchianeri could not disclose who these third parties were, he said they were from a “marketing type perspective looking for that type of information.”
“They can use the information to sell services or try to commit fraud on these accounts,” he said.
This employee has subsequently been suspended pending further information. Absa has also brought criminal charges against the employee, and these are unfolding in court now.
Bucchianeri said the information that was leaked included bank account numbers, first and last names, identification numbers and contact details.
He added that the details of around 200,000 of his retail banking clients have been compromised.
Absa has now destroyed the leaked data and the external devices have undergone an independent forensic review.
“We are now in the process of obtaining the files for our own investigation,” Bucchianeri said.
He said Absa may also press charges against third parties who had access to the leaked data.
Following the data leak, Absa has implemented a greater control of all customer accounts that were leaked.
Email from Absa to affected customers
Dear Customer
We regret to notify you that Absa has identified an isolated internal data breach whereby the personal information of a limited number of Absa customers was shared with parties outside the Bank. We are contacting all affected customers directly.
Unfortunately, some of your personal information is part of this data, which includes your identity number, contact details, address and account numbers. Absa takes the protection of personal data very seriously and has taken proactive steps to address the potential risk to our customers.
We communicate with you, our valued customer, to assure you that we have taken precautionary measures to protect you and your financial interests. As part of these monitoring measures, you may receive a phone call from us to validate potentially suspicious transactions to ensure further protection of your interests. Please note that we will never ask you to share your “safe keys” (including your online banking PIN or password or your card’s CVV, PIN or one-time password) or to approve activities to prevent fraud .
Never reveal your “safe keys” to anyone, even if someone is posing as a bank representative. If you are unsure, we recommend that you end the call and call our fraud hotline on 0860 557 557.
Also, do not approve a mobile banking app request or any other transaction request if you are not conducting a transaction.
We have also implemented the necessary precautionary measures to prevent and detect possible unauthorized debit orders. Please be assured that we will contact you if we detect unauthorized debit orders on your account. Please note that we will never ask you to approve the revocation of unauthorized debit orders.
We maintain a full set of controls and processes to protect your data and are constantly improving them to ensure that we adapt to evolving techniques used by criminals to avoid them. We have already refined our controls and processes, in light of this commitment, to further strengthen our defenses and reduce the risk of an incident like this happening again.
In addition to Absa’s precautionary measures, and as additional protection against digital fraud, Absa also offers a free guarantee against digital fraud for customers using our mobile application.
Please contact your banker for clarity. Contact our fraud hotline on 0860 557 557 if you notice any suspicious activity. If you wish to dispute unauthorized debit orders, please call Private Assist on 0860 553 553 if you have a query about activity on your account.
Cheers
The Absa team
Interview with Absa’s security director, Sandro Bucchianeri
Now Read: Absa Hit By Data Breach
[ad_2]
