Reading Time: 3 minutes

Experian Data Breach Fraudster Found

Someone who pretended to be a client managed to get the credit info and personal details of 24 million South Africans.

Experian is one of South Africa’s biggest credit bureaus and recently had to admit that someone had fraudulently gained access to credit records and personal info about 24 million South African credit users.

Were They ‘Hacked’?

No, it wasn’t a traditional “hack” as you might think of, with some naughty teenager brute-forcing their way through firewalls onto the Experian servers using computer smarts and stealing all the info while people were sleeping. The information was simply gained by the fraudster pretending to be a client of Experian and asking for the info.

Once Experian realised that the info had gone to someone it shouldn’t have, they were quick to inform the South African Banking Risk Information Centre (Sabric) and other Law enforcement agencies who quickly sprung into action to track down the perpetrator.

‘they were able to track down the person and the computers were the information was being kept’

Just a day after the breach had been announced the authorities were able to track down the person and the computers where the information was being kept. They were then able to swoop in and seize the machines and hopefully prevent the information being spread further.

Has Your Data Been Sold?

According to Experian and Sabric: No, it has not and they have recovered all the information that was illegally obtained. They are claiming that the person never sent that information to anyone else or stored it anywhere else or made copies of it etc.

They have revealed, however, that the fraudster had indeed planned to sell off the information to others who could have perhaps used the information to either try scam people or simply to circumvent PoPI restrictions. It seems the main plan was to sell the info to people who offer marketing leads to companies that offer insurance and other credit related services.

The major banks have been sending out reminders to clients to be on the watch for suspicious transactions or the opening of new accounts etc. So, it seems they are less convinced than Experian would like everyone to be that there is no need to panic.

‘it seems they are less convinced than Experian would like everyone to be that there is no need to panic.’

Did All Your Passwords and Login Details Get Stolen?

No. What was illegally obtained was personal info about you and your credit use. While this information can be used by bad people to pretend to be you it is more likely that this sort of information could be used by bad people to pretend to be your bank and to trick you into giving them information that would give them access to your account or to collect your one time pins etc.

‘could be used by bad people to pretend to be your bank and to trick you into giving them information’

So, it is wise to be wary of any such calls from people saying they are your bank or a credit provider and who start to ask you all sorts of weird questions. Also, you should beware of any emails asking you to login to your bank accounts suddenly.

Budgeting

Worried?

If you are worried that your information has been used by a scammer or that someone has been in touch who seems suspicious then you can get in touch with the South African Fraud Prevention Services (SAFPS) who may be able to assist (and also your bank – whichever one may be involved). Do not delay rather be wrong about not being ripped off than leave it too long and let people steal from you.