South African Nedbank Suffered Data Breach Affecting 1.7 Million Customers

Extending the trail of security breaches this year, now joins the South African bank Nedbank. As revealed, Nedbank suffered a data breach via a third-party service provider. The incident potentially affected 1.7 million customers.

Nedbank Data Breach

Reportedly, one of the biggest banks in South Africa, Nedbank, has suffered a data breach. As disclosed via a security notice, the bank suffered following a security incident at its third-party service provider.

Specifically, the breach occurred at the bank’s marketing partner Computer Facilities (Pty) Ltd., who manage email and SMS marketing on behalf of the bank. Nedbank came to know of the incident as a result of a routine monitoring procedure.

Consequently, the incident also affected some Nedbank clients too, exposing their personal data.

As stated in their notice,

A subset of the potentially compromised data at Computer Facilities included personal information (names, ID numbers, telephone numbers, physical and/or email addresses) of some Nedbank clients.

According to their investigations, the breach affected 1.7 million clients as their information was held by Computer Facilities (Pty) Ltd. These clients also include 1.1 million active clients.

Security Measures Underway

Though, Nedbank has confirmed that the incident remained isolated to the third-party service provider only. And that it did not affect the bank systems directly. Nonetheless, they are taking measures to keep their clients’ data secure.

The CEO Nedbank, Mike Brown, has shared the following statement with regard to this incident.

We regret the incident that occurred at the third-party service provider, namely Computer Facilities (Pty) Ltd, and the matter is receiving our urgent attention. The safety and security of our clients’ information is a top priority. We take our responsibility to protect our client information seriously and our immediate focus has been on securing all Nedbank client data at Computer Facilities (Pty) Ltd, which we have done. In addition to this, we are communicating directly with affected clients. We are also taking the necessary actions in close cooperation with the relevant regulators and authorities.

The CIO, Fred Swanepoel, has further ensured that the breach in no way affected bank account details. Hence, their remains no chance of any financial losses.

In January, an Australian bank P&N Bank also disclosed a data breach exposing sensitive data of the customers.

Let us know your thoughts in the comments.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients