Asisa warns investors about an increase in criminal cyber activity

The Association for Savings and Investment South Africa (Asisa) has warned policyholders and investors to expect a rise in phishing and approaches from criminals impersonating representatives from companies following last week’s TransUnion South Africa data breach. Photo: Kacper Pempel/Reuters

The Association for Savings and Investment South Africa (Asisa) has warned policyholders and investors to expect a rise in phishing and approaches from criminals impersonating representatives from companies following last week’s TransUnion South Africa data breach. Photo: Kacper Pempel/Reuters

Published Mar 22, 2022

Share

The Association for Savings and Investment South Africa (Asisa) has warned policyholders and investors to expect a rise in phishing and approaches from criminals impersonating representatives from companies following last week’s TransUnion South Africa data breach.

TransUnion said it was not a ransomware attack, but a criminal third party that had obtained access to their server through misuse of an authorised client’s credentials. Certain parts of its online services taken offline had since resumed, the firm said.

On reports suggesting some 54 million records of South Africans were stolen, TransUnion said they believe an isolated server holding limited data from their South African business was impacted.

“As our investigation progresses, we will contact and assist individuals whose personal data may have been affected,” TransUnion said in a statement.

ASISA policy advisor Johann van Tonder, said since a number of ASISA members make use of the TransUnion credit verification services, there was a high possibility compromised information included personal details of policyholders and investors.

“While it appears the client information obtained by the hackers is limited to names, contact details and ID numbers, we are concerned this could be used by criminals to trick consumers into sharing account passwords,” he said.

He said no company would ever request a client to share passwords or one-time PIN codes telephonically, via text message or email. He said companies would also never request clients to login to their accounts via unsolicited messages.

He said Asisa had a Cyber Security Incident Response Team (CSIRT) to help member companies combat threats to cybersecurity, by facilitating the sharing of cybercrime trends and other relevant information.

The Asisa CSIRT is one of three industry response teams in the financial sector.

Another is the South African Banking Risk Information Centre (SABRIC). Asisa and SABRIC signed a Memorandum of Understanding last year to collaborate on combating financial and cybercrimes and to strengthen cyber resilience in the financial services sector.

Van Tonder said intra-sector collaboration in the fight against cybercrime was critical.

“Asisa is working closely with SABRIC on assessing the full impact of the TransUnion South Africa data breach on South African consumers,” he said.

[email protected]

BUSINESS REPORT ONLINE