Millions of South Africans involved in security incident after debt collection firm suffers “material data breach”



Sensitive information is one of the potentially exposed datasets

Over a million South African citizens have potentially had their personal data exposed after a ransomware attack at a debt collection services company.

The company in question, Debt-IN Consultants, confirmed this week (September 22) that it was the victim of a cyberattack that resulted in a “material data breach” of personal information of consumers and employees.

More than 1.4 million South Africans are believed to have been affected by the incident, after Debt-IN said their data was illegally accessed from servers in April this year.

The compromised information may include the names and contact details of clients, information on employment and salaries, and information relating to debt, including payments and the balance owed to Debt-IN.

Learn about the latest news on data breaches

The Durban-based organization said the data breach only came to light last week with the discovery that confidential consumer data and voice recordings of calls between Debt-IN debt collectors and clients of the financial services had been published on “hidden websites” which can only be accessed by a “specialized” web browser.

Debt-IN confirmed: “One of our partners alerted Debt-IN to stolen personal data files while performing a routine and highly targeted ‘scan’ of data posted to the hidden collection of websites accessible only by specialized browsers. ”

The company was able to “definitively confirm” that the data was customers’ personal information on September 17.

Drive out debt

Following the discovery, Debt-IN said it was working with authorities to “quickly gather facts, resolve the issue, and provide ongoing information to customers.”

Mark Essey, CEO, said in a statement: “Debt-IN deeply regrets this cyber attack, and we wholeheartedly apologize for the inconvenience and anxiety this data breach has caused to our customers and their customers.

YOU MAY ALSO LIKE Netgear fixes an RCE flaw in the parental control function of routers

“We take this matter very seriously. In this age of highly sophisticated information security threats and approximately 17 billion cyberattacks worldwide every day, Debt-IN is committed to doing everything possible to protect our customers’ information.

“We reiterate that we consider this attack to be the act of malicious cyber criminals. From the time this data breach was detected, our guiding principle has been to put our customers first, and we will continue to do so. ”

Debt-IN has also provided a guide (PDF) for customers detailing what happened and what future actions it will take.

DO NOT MISS Fake WhatsApp backup message transmits malware to Spanish speakers’ devices


Leave A Reply

Your email address will not be published.