Nedbank warns customers of a personal-security breach at a third-party supplier
About 1.7-million clients of Nedbank, of which 1.1-million are active, were potentially affected by a “data security incident" at a company handling SMS and e-mail marketing for the bank.
This comes two weeks after Tracker SA was hit by a ransomware attack.
Nedbank said on Thursday it had investigated a data-security issue that occurred at the premises of a third-party service provider, Computer Facilities (Pty) Ltd.
“A subset of the potentially compromised data at Computer Facilities included personal information (names, ID numbers, telephone numbers, physical and/or e-mail addresses) of some Nedbank clients," the bank said.
However, “no Nedbank systems or client bank accounts have been compromised in any manner whatsoever or are at risk as a result of this data issue".
Nedbank said it had identified the data-security issue at Computer Facilities as part of its routine and ongoing monitoring procedures.
“Once we became aware of the issue, we engaged as a matter of urgency with the service provider and leading forensic experts to conduct an extensive investigation.
“We have moved swiftly to proactively secure and destroy all Nedbank client information held by Computer Facilities."
Nedbank added: “This incident is isolated to the third-party service provider's systems. As a further precautionary measure, Computer Facilities' systems have been disconnected from the internet until further notice.
“We regret the incident that occurred at the third-party service provider ... and the matter is receiving our urgent attention. The safety and security of our clients' information is a top priority."
Nedbank CEO Mike Brown said: “We take our responsibility to protect our client information seriously and our immediate focus has been on securing all Nedbank client data at Computer Facilities, which we have done. In addition to this, we are communicating directly with affected clients. We are also taking the necessary actions in close co-operation with the relevant regulators and authorities."
Nedbank Group chief information officer Fred Swanepoel said Computer Facilities did not have any links to the bank's systems.
“Our team of IT specialists and external cybersecurity experts have been working continuously with them since we became aware of this matter. Clients’ bank accounts have not been compromised in any manner whatsoever and clients have not suffered any financial loss. Nedbank remains vigilant in its efforts to contain cybercrime," said Swanepoel.
Nedbank assured its clients that their bank accounts were not at risk and they did not need to take any further action, “other than continuing to be vigilant against attempts at fraud".