Credit bureau data disaster: Here’s what your bank says you should do

Business Insider SA
  • The personal details of 24 million South Africans have been leaked to an alleged fraudster.
  • In theory, criminals could use these details to attempt to gain access to various accounts.
  • South African banks are now starting to contact affect customers.
  • They’re advising customers to change passwords – and not only banking ones.
  • For more articles, go to

(This article has been updated with new information. For details, please see below)

UPDATE | SA’s massive data breach actually happened in May – and took nearly three months to ‘contain’

The personal details of some 24 million South Africans, and nearly 800,000 businesses, have allegedly been stolen by a suspected fraudster, in one of the South Africa's largest ever data breaches.

Your bank accounts are not at risk, say banks – but criminals could theoretically use these details to attempt to impersonate you, or trick you into giving them confidential information.

Standard Bank has also suggested you change your online banking password to be safe, as well as your social media passwords. (There is no reason to believe social media accounts can be compromised, but that is good housekeeping anyway, the bank says.)

The information was allegedly stolen from the credit bureau Experian, which collects credit information about consumers from banks, retailers, and other parties. According to Experian, the information was handed over to the fraudster after that individual posed as a legitimate client.

By law, banks are required to share your data with credit bureaus. That means that even if you haven't interacted with Experian, your personal details and financial history may have been compromised. If so, you may be vulnerable to being impersonated.

READ | Credit bureau data disaster: Fraudster has details of many South Africans, banks issue warnings

If you think your identity has been compromised, then the number one thing you should do, according to the South African Banking Risk Centre (Sabric), is apply for a free registration at the Southern African Fraud Prevention Service (SAFPS).

According to Sabric, “This service alerts SAFPS members, which includes banks and credit providers, that your identity has been compromised and that additional care needs to be taken to confirm that they are transacting with the legitimate identity holder.”

You can apply here, or contact SAFPS at"

In addition, a number of banks have used statements advising customers on what steps to take to ensure you’re not compromised.

Here’s what your bank says you should do.

Standard Bank

Standard Bank says some of its customer data was affected by the breach. “The information that has been compromised includes ID number, residential and physical addresses and contact details,” it says.

The Bank says you should take the following steps:

  • Change banking passwords on our digital banking platforms and social media passwords.
  • Register for DigiMe on the Standard Bank App Register for MyUpdates (free Standard bank SMS service) to be notified of all transactions over R100 on your accounts.
  • Contact the bank or your relationship manager immediately if you suspect your bank accounts or cards have been compromised.
  • Do not share your personal details, banking details or one-time pin with anyone.Register with SAFPS for protective registration – if anyone tries to apply for banking products with your ID, it will be declined or referred for further review.


Absa says it has also been affected and is contacting affected customers.

The banks says to contact them immediately on their Fraud Hotline (0860 557 557) should you notice any suspicious behaviour or if in doubt.

Criminals are likely to approach you via email, phone, or text message and present themselves as members of a reputable organisation

“They will attempt to deceive unsuspecting consumers into disclosing their ‘keys to the safe’ (online PIN, online passwords, card PIN, card CVV number, OTP, and/or authentication messages – RVN/TVN/SureCheck).”

“Never share these details with anyone and report suspicious behaviour immediately,” says the bank.


The bank says they're aware of the breach and are working closely with authorities to ensure their customers are protected.

"While the information cannot be used to access your banking profile, fraudsters may attempt to use it for phishing, where they contact you posing as your bank or other institution in an attempt to trick you into sharing further personal information," says the bank. "Your bank will never contact you to request information such as your banking pin or account number."

Capitec also suggests applying for a free registration at the Southern African Fraud Prevention Service (SAFPS), if you suspect your identity has been compromised.

First National Bank

FNB says it’s also reaching out to customers who may have been affected.

“We are working with The South African Banking Risk Information Centre (Sabric), The Banking Association of South Africa (BASA), law enforcement and regulatory authorities to mitigate any potential risks on our customers as a result of the incident.”

It gives the following advice:

  • It is vitally important that you never give your Online Banking username and/or password to anyone.
  • Never give your One Time PIN (OTP) to anyone.
  • Never click on links in emails claiming to be from FNB.
  • Never save your passwords to your browsers.


Nedbank says it’s been made aware of the breach and that “the information shared includes names, ID numbers, telephone numbers, physical and/or email addresses.”

“Your bank accounts are not at risk,” says Nedbank. But criminals can use this information to impersonate you, or scam you into giving them access to your accounts.

Nedbank urged its customers to take the following steps:

  • Never share your passwords or PIN with anyone.
  • Never disclose your personal information to anyone who calls you, emails you, or SMSs you.
  • Remember Nedbank will never contact you asking for this information.
  • Contact Nedbank immediately should you suspect unauthorised use of your personal information.

This article has been updated since publication to include commentary from Capitec

(Compiled by Edward-John Bottomley)

Receive a daily update on your cellphone with all our latest news: click here.

Get the best of our site emailed to you daily: click here.

Also from Business Insider South Africa:

Rand - Dollar
Rand - Pound
Rand - Euro
Rand - Aus dollar
Rand - Yen
Brent Crude
Top 40
All Share
Resource 10
Industrial 25
Financial 15
All JSE data delayed by at least 15 minutes Iress logo