South African bank Absa has come across a data leak after one of its employees exposed customer data to several external parties, reports The South African. The bank has taken to notifying affected parties about the incident.
According to Tech Central, Absa acknowledged the leak on Monday night, November 30, 2020. The company states that the incident was contained and limited, but involved a bank employee who “unlawfully made customer data available to a small number of external parties.”
After conducting its own investigation, the company believes that the “data was intended for telemarketing purposes,” as mentioned in its email to clients on Tuesday, December 1, 2020.
Among the information obtained by the bank employee were customers’ full names, identity numbers, physical addresses, mobile contact numbers, and vehicle details. The bank account and credit card numbers were also compromised, reports Tech Central.
The information shared varied from one customer to another. While there were some identity numbers and phone numbers made vulnerable from some clients, Tech Central states that there were some individuals whose only data compromised were their vehicle financing details, and the like.
Despite the information illegally and unlawfully accessed by the unnamed employee, Absa maintains that there are no passwords or PIN codes affected by the incident as the company does not store this type of information.
Although the specific number of affected customers was not disclosed by the South African bank, Absa states that the leak only pertains to a small customer base.
The company did not reveal when the incident first took place, states Tech Central. However, the report was only issued to Absa’s chief security office on October 26, 2020.
Following Absa’s discovery of the security incident, Business Insider states that the bank had immediately reached out to authorities to help conduct search and seizure operations at various locations.
All of the devices that have been used for mining personal data have all been retrieved, with the data on the said devices being destroyed to prevent these from falling into another person’s hands.
Apart from this, Business Insider reports that Absa has already filed criminal charges against the employee in question, with the company saying that it had enacted the “requisite consequence management” in answer to the security incident.
Furthermore, Tech Central states that it had made improved efforts to monitor customer accounts, in addition to reaching out to its customers. According to the company, it “may take further action in relation to the recipients of the data once the full scope of the leak is identified and all investigations are completed.”
