Nedbank client data compromised in security breach at third-party provider

Pierluigi Paganini February 14, 2020

Nedbank bank announced on Thursday that a security breach at a third-party supplier has compromised the details of as many as 1.7 million of its clients.

Nedbank bank disclosed on Thursday a security breach at a third-party supplier that has compromised the details of as many as 1.7 million of its clients.

The bank revealed that the service provider Computer Facilities, which is a direct marketing company that issues SMS and e-mail marketing information on behalf of Nedbank and other companies, has suffered a “data security issue.”

The incident was discovered as part of “routine and ongoing monitoring procedures” conducted by the bank.

Nedbank Limited is a wholly-owned subsidiary of Nedbank Group that operates , Malawi, Mozambique, Namibia, Swaziland, and Zimbabwe,

“Nedbank has investigated a data security issue that occurred at the premises of a third-party service provider, namely Computer Facilities (Pty) Ltd – a direct marketing company that issues SMS and email marketing information on behalf of Nedbank and a number of other companies.” reads a security notice published by the bank. “A subset of the potentially compromised data at Computer Facilities included personal information (names, ID numbers, telephone numbers, physical and/or email addresses) of some Nedbank clients.”

Nedbank

Nedbank confirmed that its systems or client bank accounts have not been compromised or are at risk as a result of the security issue at Computer Facilities (Pty) Ltd.

Once the bank became aware of the security breach, it engaged forensic experts to conduct an extensive investigation.

The company determined that data belonging to 1.7 million past and current customers have been affected. Exposed info includes names, ID numbers, home addresses, phone numbers, and email addresses.

“We have moved swiftly to proactively secure and destroy all Nedbank client information held by Computer Facilities (Pty) Ltd. Information from Nedbank Retail relating to approximately 1,7 million clients was potentially affected of which 1,1 million are active clients.” continues the notice.

The bank began notifying customers via SMS.

https://twitter.com/laurakim123/status/1228234794493870080

Since the incident, the bank says the contractor’s network has been taken offline to prevent any further attacks. As a precautionary measure, the bank also deleted any customer data from the contractor’s systems.

Bank officials apologized for the incident and confirmed that the investigation is still ongoing.

“We regret the incident that occurred at the third-party service provider, namely Computer Facilities (Pty) Ltd and the matter is receiving our urgent attention. The safety and security of our clients’ information is a top priority. We take our responsibility to protect our client information seriously and our immediate focus has been on securing all Nedbank client data at Computer Facilities (Pty) Ltd, which we have done. In addition to this, we are communicating directly with affected clients. We are also taking the necessary actions in close cooperation with the relevant regulators and authorities,” Nedbank CEO Mike Brown says.

Nedbank Group Chief Information Officer Fred Swanepoel says: “The third-party service provider namely, Computer Facilities (Pty) Ltd did not have any links to our systems. Our team of IT specialists and external cyber security experts have been working continuously with them since we became aware of this matter. Clients’ bank accounts have not been compromised in any manner whatsoever and clients have not suffered any financial loss. Nedbank remains vigilant in its efforts to contain cyber-crime.” 

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Nedbank, banking)

[adrotate banner=”5″]

[adrotate banner=”13″]



you might also like

leave a comment