Consumer, business and credit information services agency, Experian, has stated that the data breach that occurred at the company which saw the personal information of about 24 million South Africans stolen was not a hack.
As per Experian’s CEO, the data breach was not a hack but rather a clever social engineering tactic. According to CEO, Ferdie Pieterse, in no way, shape or form was Experian hacked.
“Our investigations indicate that an individual in South Africa, purporting to represent a legitimate client, fraudulently requested services from Experian. The services involved the release of information which is provided in the ordinary course of business or which is publicly available,” said Experian.
Mr Ferdie dismisses reports that they were hacked, saying that none of the company’s systems, databases or records were hacked. Instead, the perpetrator used social engineering tactics to make the company believe that it was a genuine client interested in the data of the 24 million individuals.
Pieterse defended the company, citing that it was not a colossal failure on their part. According to him, the perpetrators already had official names and ID numbers of people and Experian simply provided contact information such as phone numbers and physical addresses to the fraudsters.
The incident is still under investigation with the South African Banking Risk Centre (SABRIC) in collaboration with banks who are Experian’s customers. The banks are trying to identify which of their clients may have been had their information exposed in the breach and find ways to protect their personal data.
“Banks and SABRIC have also been cooperating with Experian in their efforts to secure the data and ensure the perpetrators are brought to book,” SABRIC said.