• Experian, one of South Africa's largest credit bureaus, says the personal information of as many as 24 million South Africans may have been put at risk.
  • A fraudster accessed these details unlawfully.
  • The company says it has reported the breach to the police and regulatory authorities
  • For more articles, go to www.BusinessInsider.co.za.

UPDATE | SA’s massive data breach actually happened in May – and took nearly three months to ‘contain’

South Africa has just been hit by one of the largest-ever data breaches after Experian, one of the country's biggest credit bureaus, was hit by a fraudster.

Experian says the personal information details of as many as 24 million South Africans, and nearly 800,000 business were compromised. These records were "exposed to a suspected fraudster". The person impersonated a client of the firm

Experian has reported the breach to law enforcement and regulatory authorities. Banks are currently working with Experian to identify which of their customers have been exposed.

Experian collects credit information about consumers from banks, retailers and other parties. That means that even if you haven't interacted with Experian, your personal details and financial history may have been compromised. If so, you may be very vulnerable to having your identity impersonated.

“The compromise of personal information can create opportunities for criminals to impersonate you but does not guarantee access to your banking profile or accounts. However, criminals can use this information to trick you into disclosing your confidential banking details,” says Nischal Mewalall, CEO of the South African Banking Risk Centre (Sabric).

The breach is similar to the attack on the US credit bureau Equifax in 2017. Personal records of nearly 150 million people were compromised as part of the largest data-breach in history. The breach forced Equifax to come to a settlement of $600 million with the US Federal Trade Commission, and offer payouts to affected customers.

It’s the latest in a series of attacks to hit South Africa this year. Earlier this week Momentum Metropolitan warned that hackers had accessed data at one of its subsidiaries, but that client information was not stolen

In June, Life Healthcare, which has 66 hospitals in South Africa, was hit by a "criminal attack" on its IT systems.

What should you do if your identity has been compromised?

According to Sabric, "should you suspect that your identity has been compromised, apply immediately for a free Protective Registration listing with Southern Africa Fraud Prevention Service (SAFPS). This service alerts SAFPS members, which includes banks and credit providers, that your identity has been compromised and that additional care needs to be taken to confirm that they are transacting with the legitimate identity holder. Consumers wanting to apply for a Protective Registration can contact SAFPS at protection@safps.org.za"

What steps can you take to secure your identity?

Do not disclose personal information such as passwords and PINs when asked to do so by anyone via telephone, fax, text messages or even email.

Change your password regularly and never share them with anyone else.

Verify all requests for personal information and only provide it when there is a legitimate reason to do so.

This article has been updated with new information from Experian, after the company said the breach was not the result of hacking, but was accomplished via social engineering.

(Compiled by Edward-John Bottomley)

Receive a daily update on your cellphone with all our latest news: click here.

Get the best of our site emailed to you daily: click here.

Also from Business Insider South Africa: