- Personal information for some of its customers was stolen "by sophisticated cyber criminals" – in April – African Bank said on Wednesday.
- A partner company, Debt-IN, was hit by a ransomware attack then.
- At the time, it did not believe there had been a data breach.
- Five months later, it knows better, and affected people are now being notified.
- For more stories go to www.BusinessInsider.co.za.
The personal information of "a number" of its customers has been stolen, African Bank said on Wednesday – after an attack five months ago.
The bank was not directly breached. Instead, what African Bank described in a statement as "sophisticated cyber criminals" hit a debt-recovery company it works with, Debt-IN, in April.
At the time the companies thought that had been a ransomware attempt, and that no information had been stolen.
"Debt-IN is now aware that the personal data of certain customers, including a number of African Bank Loan customers under debt review, has been compromised," said African Bank.
The affected customers were being contacted via email and SMS, it said, while it "has enhanced security measures to protect all African Bank customers".
It did not say how many customers were affected, or exactly what data had been made available to Debt-IN.
"A robust mitigation plan has been implemented by Debt-IN to contain and reduce any further adverse impact," said African Bank, without providing further details.
It also said the debt-collection company "is confident that no data shared post 1 April 2021 has been compromised".
In July, South African port terminals were closed after a ransomware attack at Transnet. The court system is currently crippled due to a ransomware attack on the justice department, and personal information may have been compromised in that incident.
(Compiled by Phillip de Wet)