[ad_1]
South Africa’s information regulator says it has received information from a whistleblower that the personal information of South Africans exposed by the Experian data breach has reached the ‘dark web’.
The dark web allows criminals to anonymously sell stolen personal information, along with all kinds of contraband, such as illicit drugs and weapons.
The whistleblower said that the personal information released includes:
- Mobile phone numbers;
- Home phone numbers;
- Work phone numbers;
- Job Details; and
- Identity numbers.
Company personal information includes:
- Names of the companies;
- Contact details;
- VAT numbers; and
- Bank data.
The regulator said it is “extremely concerned” by the information it has received from the whistleblower, especially after Experian assured it that the personal information of those concerned was properly protected.
“The information that Experian has provided to the regulator so far raises serious concerns, when it comes to the protection of personal information,” he said.
“In an effort to explore an appropriate solution that ensures adequate protection of data subjects’ personal information, the regulator has decided to conduct an independent review to assess the scope of the data breach and explore a suitable solution that ensures that all information staff released by Experian is duly protected. “
As Experian’s website is hosted in Switzerland, the regulator said it will draw the attention of its Swiss counterpart, the Federal Commissioner for Information and Data Protection, to the data breach, as the breach involves a cross-border flow of information. personal.
The regulator said it received further correspondence from Experian confirming that they had verified that the files on the Internet were misappropriated data.
The files were reportedly removed from the site and Experian is conducting additional investigation.
Another correspondence from Experian indicated that the data was not on the dark web but was placed on a third-party data-sharing site on the Internet, and that the third-party has disabled the links and the data has been removed.
The regulator said Experian has committed to cooperating with the regulator in the review process.
Experian rape
Experian, a consumer credit reporting company, said on Aug. 19 that it experienced a data breach that has exposed the personal information of up to 24 million South Africans and 793,749 business entities to a suspected scammer.
The breach has been reported to authorities, and South African banks have been working with Experian and the South African Banking Risk Center (Sabric) to identify which of their clients may have been exposed to the breach and to protect their personal information, including during the investigation. unfolds.
While it was not specified how this information was published on the dark web, it is possible that this data is now being sold to illicit buyers. A 2018 report found it costs only R14,000 to buy all your personal data from the dark web.
Hacked financial details are by far the most frequently listed items, and credit cards in particular are the most valuable, according to the report.
Read: Experian Data Breach – New Law to Crack Down Future Attacks in South Africa
[ad_2]
