Money and Markets

Credit bureau data disaster: Fraudster has details of many South Africans, banks issue warnings

Business Insider SA
(Picture: Getty)
  • A fraudster has impersonated a client of a major credit bureau, and has gained access to the contact details of many South Africans.
  • Banks are warning that criminals could use these details to attempt to gain access to accounts.
  • FNB has started to contact clients who may be affected.
  • For more articles, go to

UPDATE | SA’s massive data breach actually happened in May – and took nearly three months to ‘contain’

A fraudster impersonated a client of a major credit bureau, and now has the contact details of many South Africans.

Banks are warning that criminals could use these details to attempt to gain access to accounts.

Using “very smart social engineering techniques”, the perpetrator put himself forward as a known customer of Experian and “contracted with us in the normal course of business”, Ferdie Pieterse, CEO of Experian, told Bruce Whitfield during an interview on 702’s The Money Show.

“In that way (he) illegally obtained the records of 23.4 million individuals.”  

“None of our systems were either penetrated or hacked,” Pieterse confirmed. “This is an isolated incidence.”

The fraudster already had in his possession almost 800,000 names, surnames and ID numbers of individuals, Pieterse said. Experian then provided him with the contact information, telephone numbers and addresses of 670,000 clients. “It was unfortunate,” Pieterse said.

Meanwhile, the banks have warned customers to be on high alert following the incident.

Chief risk officer of African Bank Piet Swanepoel said, “This breach of personal information does impact our credit customers because we have to, by law disclose all details of customers who have credit with us to three credit bureaus, one of which is the Experian credit bureau.

“The compromise of personal information can create opportunities for criminals to impersonate you but does not guarantee access to your banking profile or accounts. However, criminals can use this information to trick you into disclosing your confidential banking details,” says Nischal Mewalall, CEO of the South African Banking Risk Centre (Sabric).

“Customers should remain aware fraudsters can impersonate a bank and contact customers and pretend to be their bank since they may know their ID and their cell numbers,” adds Swanepoel.

FNB has advised its customers to be “extra vigilant” following the data breach, and is communicating directly to its customers who may have been impacted.

What should you do if your identity has been compromised?

According to Sabric, "should you suspect that your identity has been compromised, apply immediately for a free Protective Registration listing with Southern Africa Fraud Prevention Service (SAFPS). This service alerts SAFPS members, which includes banks and credit providers, that your identity has been compromised and that additional care needs to be taken to confirm that they are transacting with the legitimate identity holder.

Consumers wanting to apply for a Protective Registration can contact SAFPS at"

What steps can you take to secure your identity?

Do not disclose personal information such as passwords and PINs when asked to do so by anyone via telephone, fax, text messages or even email.

Change your password regularly and never share them with anyone else.

Verify all requests for personal information and only provide it when there is a legitimate reason to do so.

Receive a daily update on your cellphone with all our latest news: click here.

Get the best of our site emailed to you daily: click here.

Also from Business Insider South Africa: