Millions of South Africans affected by Debt-In data breach

Debt-In, a professional debt recovery solutions partner to many South African banks, has been hit by a ransomware attack exposing its customers data.

Debt-IN Consultants, a professional debt recovery solutions partner to many South African financial services institutions, has announced that a ransomware attack by cyber criminals has resulted in a significant data breach of consumer and employee personal information.

It is suspected that consumer and personal information of more than 1.4 million South Africans was illegally accessed from Debt-IN servers in April this year, but this breach only just came to light with the discovery that confidential consumer data and voice recordings of calls between Debt-IN debt recovery agents and financial services customers had been posted on hidden internet sites that are only accessible by a specialised web browser.

Debt-IN says is working closely with the regulator, law enforcement agencies and other cyber-security partners to rapidly gather facts, resolve the issue and provide ongoing information to clients. The company says while the investigations are ongoing and the analysis subject to change, the findings to date show there has been no further breach and enhanced data protection measures remain securely in place.

The company has taken immediate and appropriate actions to reinforce existing security measures and to mitigate any further potential impacts of the breach, including assembling a team of highly regarded and globally experienced cyberbreach and forensic experts to work with Debt-IN on the incident.

“Debt-IN deeply regrets this cyber-attack, and we apologise unreservedly for the inconvenience and anxiety this data breach has caused our clients, and their customers,” says Mark Essey, CEO.

“We are taking this matter very seriously. In this age of highly sophisticated information security threats and an estimated 17 billion cyber attacks around the world every day, Debt-IN is committed to doing all it can to protect clients’ information. We reiterate that we view this attack as the act of malicious cybercriminals. From the time this data breach was detected, our guiding principle has been to put our clients first, and we will continue to do so,” says Essey.

Share

Featured Articles

Bridging the Gap: Examining the UK-US Data Bridge

The UK-US Data Bridge was created to replace EU data frameworks and allow the exchange of personal data whilst still adhering to agreed rules

Hiddenlayer CSO Tells Why It Made an AI Security Council

Chief Security & Trust Officer at HiddenLayer Malcolm Harkins explains why the company felt the need to create an AI Security Council and its objectives

Cooperation Key Theme at Microsoft Endpoint Security Summit

The Microsoft Endpoint Security Summit brought together leaders in the cybersecurity industry to discuss strategies for securing endpoints on Windows

Why the UK is Listing Data Centres as Critical Cyber Assets

Cyber Security

Trustwave Reveals the Financial Sector's Cyber Threats

Cyber Security

TCS and Google Cloud Join for Solution to Secure the Cloud

Technology & AI