Nedbank Group, one of South Africa’s largest banks, has disclosed a security incident warning customers of a potential impact of data.
In the notice, the bank explained that the breach occurred at Computer Facilities (Pty) Ltd., a third-party service provider that issues SMS and email marketing information for Nedbank.
Approximately, 1.7 million customers were potentially affected, of which 1.1 million are active customers.
The compromised data included the personal information of Nedbank customers, such as names, ID numbers, home addresses, phone numbers, and email addresses.
The bank has assured that no Nedbank systems or client bank accounts have been compromised, or are at risk.
Nedbank explained that the breach was discovered whilst conducting routine and ongoing monitoring procedures. Upon the discovery, the bank engaged with the service provider and leading forensic experts to conduct an extensive investigation.
As a precautionary measure, Computer Facilities (Pty) Ltd’s systems have been disconnected from the internet.
“We regret the incident that occurred at the third-party service provider, namely Computer Facilities (Pty) Ltd and the matter is receiving our urgent attention. The safety and security of our clients’ information is a top priority. We take our responsibility to protect our client information seriously and our immediate focus has been on securing all Nedbank client data at Computer Facilities (Pty) Ltd, which we have done. In addition to this, we are communicating directly with affected clients. We are also taking the necessary actions in close cooperation with the relevant regulators and authorities,” says CEO Mike Brown, Nedbank.
Yesterday, the bank began notifying its customers about the breaches via SMS, stating that their personal information was “potentially compromised.”
Nedbank Group Chief Information Officer Fred Swanepoel says: “The third-party service provider namely, Computer Facilities (Pty) Ltd did not have any links to our systems. Our team of IT specialists and external cyber security experts have been working continuously with them since we became aware of this matter. Clients’ bank accounts have not been compromised in any manner whatsoever and clients have not suffered any financial loss. Nedbank remains vigilant in its efforts to contain cyber-crime.”