No customer losses yet, says Liberty CEO after vicious cyber-attack

There is no evidence yet of financial losses affecting Liberty Life customers after the massive cyber-attack that hit the insurer this week, Liberty CEO David Munro said on Sunday.

Liberty Life first became aware of the cyber-attack that possibly compromised customers’ data late on Thursday evening, two days before it informed customers on Saturday evening, he told a press conference on Sunday evening at the Liberty Life offices in Braamfontein, Johannesburg.

“It really did take us a couple of days, which is Friday and the morning of Saturday, to get to the point where we felt we should inform customers that we understood the implications of the extortion attempt and that we were in a position to move into the public domain,” he said.

“It did take 36 hours to do that. These are often complex matters that are often difficult to understand, and the authenticity of the allegations has to be verified before we go into the public domain. We took our time. We felt that we acted responsibly.”

Munro said he could not reveal whether the breach might have been an inside job, what ransom the hackers demanded, or how the company had communicated with these hackers.

The Sunday Times reported that sources with intimate knowledge claimed the hackers had demanded payment of millions of rand, failing which they would have released some of the information in their possession to the public.

Munro said on Sunday: “We did engage with the external parties to determine their intentions. We made no concessions in the face of this attempted extortion.”

It is not yet clear how much information was stolen and how many customers might be affected. Munro said the company believed the breach involved recent e-mails and attachments from Liberty’s insurance business in South Africa.

“There is no evidence that any of our customers have suffered any financial loss. We will proactively inform our customers individually if and when we discover that they may have been impacted. No further action is currently required from our customers.”

He said Liberty Life was in control of the situation and was working with a team of security and IT specialists to back up its data.

“The challenge that every enterprise globally has today is that there is a confrontation being brought to us by cybercriminals that are attacking us on a regular basis,” he said.