BreachExchange mailing list archives
1.7 million Nedbank clients’ personal data compromised
From: Destry Winant <destry () riskbasedsecurity com>
Date: Fri, 14 Feb 2020 09:10:17 -0600
https://mybroadband.co.za/news/banking/338626-1-7-million-nedbank-clients-personal-data-compromised.html Nedbank announced that it has discovered a security breach at Computer Services Ltd, a third-party service provider which issues SMS and email marketing on behalf of the bank. “A subset of the potentially compromised data at Computer Facilities included personal information (names, ID numbers, telephone numbers, physical and/or email addresses) of some Nedbank clients,” the bank said. The security breach was discovered during a routine monitoring procedure, and once the bank became aware of it, it immediately conducted an extensive investigation. 1.7 million clients were affected by this security issue, with 1.1 million of those clients being active. The following information was exposed: Names ID numbers Telephone numbers Physical addresses Email addresses “We have moved swiftly to proactively secure and destroy all Nedbank client information held by Computer Facilities (Pty) Ltd. Information from Nedbank Retail relating to approximately 1.7 million clients were potentially affected of which 1.1 million are active clients,” said Nedbank. Communicating with clients Nedbank said the incident was isolated to Computer Facilities’ systems, which it has disconnected from the Internet until further notice as a precautionary measure. “We regret the incident that occurred at the third-party service provider, namely Computer Facilities (Pty) Ltd and the matter is receiving our urgent attention. The safety and security of our clients’ information is a top priority,” said Nedbank chief executive Mike Brown. “We take our responsibility to protect our client information seriously and our immediate focus has been on securing all Nedbank client data at Computer Facilities (Pty) Ltd, which we have done.” “In addition to this, we are communicating directly with affected clients. We are also taking the necessary actions in close cooperation with the relevant regulators and authorities,” he said. Nedbank assured users that Computer Facilities did not have any links to its systems. “Our team of IT specialists and external cybersecurity experts have been working continuously with them since we became aware of this matter,” said Nedbank chief information officer Fred Swanepoel. “Clients’ bank accounts have not been compromised in any manner whatsoever and clients have not suffered any financial loss.” Nedbank said it remains vigilant against cybercrime and has advised Computer Facilities of its obligation to notify its other customers of the incident. Clients’ bank accounts are not at risk and they do not need to take any further action other than continuing to be vigilant against attempts at fraud, the bank said. _______________________________________________ BreachExchange mailing list sponsored by Risk Based Security BreachExchange () lists riskbasedsecurity com If you wish to Edit your membership or Unsubscribe you can do so at the following link: https://lists.riskbasedsecurity.com/listinfo/breachexchange
Current thread:
- 1.7 million Nedbank clients’ personal data compromised Destry Winant (Feb 14)