Experts on News: Experian Scam Leaves Critical Data on Over 24 Million Customers Exposed

Free Services to help you during COVID-19 Learn More

Support Request a Demo Contact Us Blog

by Security Experts | informationsecuritybuzz.com »

It has been reported that the South African branch of consumer credit reporting agency Experian disclosed a data breach on Wednesday with the credit agency admitted to handing over the personal details of its South African customers to a fraudster posing as a client. While Experian did not disclose the number of impacted users, a report from South African Banking Risk Centre (SABRIC), an anti-fraud and banking non-profit, claimed the breach impacted 24 million South Africans and 793,749 local businesses.
Full story here: https://www.zdnet.com/article/experian-south-africa-discloses-data-breach-impacting-24-million-customers/

EXPERTS COMMENTS
Saryu Nayyar

| August 21, 2020

Saryu Nayyar, CEO, Gurucul

As a consumer credit reporting company, they are clearly a high value target for cybercriminals.

“Experian is in the headlines again for suffering a major cyberattack. As a consumer credit reporting company, they are clearly a high value target for cybercriminals. Likely the company has an array of cybersecurity protections in place to prevent data breaches. Social Engineering, however, is a different animal. In this case, an individual fraudulently claimed to represent a client and gained access to Experian services. This person then made off with 24 million South African’s PII as well as information from 800,000 businesses. Fraud is malware’s ugly cousin. You need different controls to detect and catch social engineering and fraudulent behavior because fraud isn’t code. Fraud isn’t a malware application. People commit it.”

 

| August 21, 2020

Chris Hauk, Consumer Privacy Champion, Pixel Privacy

They can also use that same personal information to trick you into providing additional information.

“Any compromise of personal information like this offers an opportunity for the bad guys to impersonate you to open accounts in your name or cause other financial havoc. They can also use that same personal information to trick you into providing additional information.

That’s why even though Experian South Africa claims no sensitive data was leaked, customers should still stay alert for any changes in their accounts, or for anyone claiming to be from a bank, credit agency, or other financial institution asking for personal information.”

 

| August 20, 2020

Javvad Malik, Security Awareness Advocate, KnowBe4

We continue to see more and more high-profile attacks take place with social engineering attacks.

“Having robust technical security controls in place is essential for all organisations today. But in addition, it is equally important for organisations to have procedures that support security, and ensure all staff receive appropriate security awareness training. We continue to see more and more high-profile attacks take place with social engineering attacks – whether that be to get an employee to hand over credentials, set up a new payment, or send sensitive data.

We will likely see more organisations targeted by social engineers, and therefore investing in staff is of paramount importance.”

 

| August 20, 2020

Dean Ferrando, Systems Engineer Manager – EMEA, Tripwire

Identity theft is just as bad as an attacker draining one’s bank account.

“For those affected by this breach, I would strongly recommend they change their passwords and security information. Identity theft is just as bad as an attacker draining one’s bank account. Victims should continuously monitor their bank accounts as well as look for indicators of identity theft. The fact that this has occurred twice within a year means the organisation needs to evaluate its current security measures. Basic security hygiene needs to be adopted by all enterprises, not just financial institutions and this includes secure configurations and vulnerability management, as well as performing specific threat assessment and countermeasures which will reduce the overall risk of future attacks.”

 

External Link: Experts on News: Experian Scam Leaves Critical Data on Over 24 Million Customers Exposed

Share this page:

Related Posts