Millions of South Africans affected by Debt-In data breach

Debt-In, a professional debt recovery solutions partner to many South African banks, has been hit by a ransomware attack exposing its customers data.

Debt-IN Consultants, a professional debt recovery solutions partner to many South African financial services institutions, has announced that a ransomware attack by cyber criminals has resulted in a significant data breach of consumer and employee personal information.

It is suspected that consumer and personal information of more than 1.4 million South Africans was illegally accessed from Debt-IN servers in April this year, but this breach only just came to light with the discovery that confidential consumer data and voice recordings of calls between Debt-IN debt recovery agents and financial services customers had been posted on hidden internet sites that are only accessible by a specialised web browser.

Debt-IN says is working closely with the regulator, law enforcement agencies and other cyber-security partners to rapidly gather facts, resolve the issue and provide ongoing information to clients. The company says while the investigations are ongoing and the analysis subject to change, the findings to date show there has been no further breach and enhanced data protection measures remain securely in place.

The company has taken immediate and appropriate actions to reinforce existing security measures and to mitigate any further potential impacts of the breach, including assembling a team of highly regarded and globally experienced cyberbreach and forensic experts to work with Debt-IN on the incident.

“Debt-IN deeply regrets this cyber-attack, and we apologise unreservedly for the inconvenience and anxiety this data breach has caused our clients, and their customers,” says Mark Essey, CEO.

“We are taking this matter very seriously. In this age of highly sophisticated information security threats and an estimated 17 billion cyber attacks around the world every day, Debt-IN is committed to doing all it can to protect clients’ information. We reiterate that we view this attack as the act of malicious cybercriminals. From the time this data breach was detected, our guiding principle has been to put our clients first, and we will continue to do so,” says Essey.

Share

Featured Articles

Tech & AI LIVE: Key Events that are Vital for Cybersecurity

Connecting the world’s technology and AI leaders, Tech & AI LIVE returns in 2024, find out more on what’s to come in 2024

MWC Barcelona 2024: The Future is Connectivity

Discover the latest in global technology and connectivity at MWC Barcelona 2024, where industry giants converge to discuss 5G, AI and more industry trends

AI-Based Phishing Scams Are On The Rise This Valentine’s Day

Research from Egress Threat Intelligence, Avast, Cequence Security & KnowBe4 outlines how AI is being used in dating app phishing scams on Valentine’s Day

Speaker Lineup Announced for Tech Show London 2024

Technology & AI

Darktrace predicts AI deepfakes and cloud vulnerabilities

Cloud Security

Secure 2024: AI’s impact on cybersecurity with Integrity360

Technology & AI