Nedbank
  • The ID numbers, addresses and contact details of some 1.7 million Nedbank clients may have been compromised after a "data security incident" at a direct marketing company.
  • Computer Facilities sends SMSes and emails on Nedbank's behalf.
  • Nedbank says that the company didn't have access to its systems and that banks accounts have not been affected.
  • For more, go to Business Insider's home page.

A company that sends out SMSes and emails on Nedbank’s behalf may have been hit by a data breach. The “data security incident” may have released the names, ID numbers, telephone numbers, physical and/or email addresses of 1.7 million Nedbank clients.

In a statement on Thursday morning, Nedbank said that there was a “data incident” at the direct marketing company Computer Facilities, which sends emails and cellphone messages on its behalf.

“No Nedbank systems or client bank accounts have been compromised in any manner whatsoever or are at risk as a result of this data issue at Computer Facilities.”

Nedbank says it identified the data security issue at Computer Facilities as part of its routine and ongoing monitoring procedures.

“We have moved swiftly to proactively secure and destroy all Nedbank client information held by Computer Facilities.”

Approximately 1.7 million retail clients were potentially affected. In total, Nedbank has some 5.8 million account holders.

Forensic experts have been appointed to conduct an extensive investigation and the bank is also working with the relevant regulators and authorities, Nedbank CEO Mike Brown said.

Nedbank Group Chief Information Officer Fred Swanepoel said Computer Facilities did not have any links to Nedbank’s systems. As a further precautionary measure, Computer Facilities’ systems have been disconnected from the internet until further notice.

Clients’ bank accounts are not at risk and they do not need to take any further action other than continuing to be vigilant against attempts at fraud, Nedbank said.

Two years ago, hackers seized insurance company Liberty's email repository and demanded a "ransom" in exchange for the data.

Other incidents included the theft of 60 million South Africans’ personal data via a holding company for several real estate firms including Realty1, ERA and Aida. The personal records of almost 1 million South African drivers were also reportedly compromised through the online traffic fine website ViewFine, while in 2017 Ster-Kinekor's website was also exposed for lacking data security

At the end of last year, many South Africans who view pornography on their mobile phones were affected by a massive breach. A local company reportedly leaked a large database of web browsing history along with mobile-phone identifiers, and in some cases social media usernames, allowing some individuals to be identified – and linked to the pornography they viewed.

Read: SA cellphone users' porn visits may have leaked – here's how to surf safely

Receive a cellphone message every morning with all our latest news: click here.

Also from Business Insider South Africa: