What Info Was Leaked in the ABSA Data Leak?
ABSA Data Leak
An ABSA employee illegally took some ABSA client’s data to sell off to telemarketers.
The stolen info relates mainly to contact info and addresses as well as info about vehicle finance.
Data protection laws around the world are getting tighter and tighter including here in South Africa as the Protection of Personal Information Act (PoPI) comes fully into effect in 2020 and 2021. This is why we are shocked when we find out that bad people are taking and selling our information.
You may be wondering what was recently “leaked” from ABSA and who is buying such information?
A Data “Leak” and Not a Data “Breach”
When hackers get onto someone’s system and steal info that is called a data breach. When someone within your own company takes the info and sells it to someone it is called a data leak.
Recently an ABSA employee broke the company’s internal rules and copied information about a whole bunch of clients with vehicle finance through the bank. So, this is a data leak and not a hacker or data breach.
The employee then took that information off site and sent it on to someone who the bank says does telemarketing.
What info Was Leaked?
Information about clients with vehicle finance like:
- What car they have financed;
- How much they originally borrowed;
- How much they still have left to pay;
- ID numbers;
- Where they live;
- How to get in contact with the client.
Who Now Has The Info?
Though the bank is saying the info has probably been sent to a telemarketer this does not mean that others will not eventually get hold of that info unfortunately as was the case with another recent high profile data leak when a big credit bureau sent information about 24 million South Africans and 800 000 businesses to someone who asked for it (but should not have receive the info).
ABSA’s email to affected clients said: ‘Based on our investigation we have reason to believe that the data was intended for telemarketing purposes’
‘this does not mean that others will not eventually get hold of that info’
In the Credit Bureau data breach, at first, the fraudster and even the police said that that info was only sold to telemarketers but it later became obvious that that info had made its way onto the internet (dark web) and scammers and others could then gain access to it. It is had to know 100% how many copies were made and how far that info was shared.
Calling The Cops
ABSA has laid charges against the (former) employee and the police have been called in. The police raided the home and other places this person might have stored the info. They reportedly found and destroyed hardware with the info on it.
ABSA will also be looking to take legal action against the people who wanted to buy it for telemarketing (if their lawyers think they can win the case) and is taking additional steps to try tighten control over such info.