Nedbank bank disclosed on Thursday a security breach at a third-party supplier that has compromised the details of as many as 1.7 million of its clients.
The bank revealed that the service provider Computer Facilities, which is a direct marketing company that issues SMS and e-mail marketing information on behalf of Nedbank and other companies, has suffered a “data security issue.”
The incident was discovered as part of “routine and ongoing monitoring procedures” conducted by the bank.
Nedbank Limited is a wholly-owned subsidiary of Nedbank Group that operates , Malawi, Mozambique, Namibia, Swaziland, and Zimbabwe,
“Nedbank has investigated a data security issue that occurred
Nedbank confirmed that its systems or client bank accounts have not been compromised or are at risk as a result of the security issue at Computer Facilities (Pty) Ltd.
Once the bank became aware of the security breach, it engaged forensic experts to conduct an extensive investigation.
The company determined that data belonging to 1.7 million past and current customers have been affected. Exposed info includes names, ID numbers, home addresses, phone numbers, and email addresses.
“We have moved swiftly to proactively secure and destroy all Nedbank client information held by Computer Facilities (Pty) Ltd. Information from Nedbank Retail relating to approximately 1,7 million clients was potentially affected of which 1,1 million are active clients.” continues the notice.
The bank began notifying customers via SMS.
Since the incident, the bank
Bank officials apologized for the incident and confirmed that the investigation is still ongoing.
“We regret the incident that occurred at the third-party service provider, namely Computer Facilities (Pty) Ltd and the matter is receiving our urgent attention. The safety and security of our clients’ information is a top priority. We take our responsibility to protect our client information seriously and our immediate focus has been on securing all Nedbank client data at Computer Facilities (Pty) Ltd, which we have done. In addition to this, we are communicating directly with affected clients. We are also taking the necessary actions in close cooperation with the relevant regulators and authorities,” Nedbank CEO Mike Brown says.
Nedbank Group Chief Information Officer Fred Swanepoel says: “The third-party service provider namely, Computer Facilities (Pty) Ltd did not have any links to our systems. Our team of IT specialists and external cyber security experts have been working continuously with them since we became aware of this matter. Clients’ bank accounts have not been compromised in any manner whatsoever and clients have not suffered any financial loss. Nedbank remains vigilant in its efforts to contain cyber-crime.”