Employee blamed for Absa data breach

Data Breach

Absa, a Johannesburg-based financial services company, has revealed that one of its employees has leaked data pertaining to some of its South African customers – which include client ID numbers, bank account numbers, credit card numbers and mobile phone numbers – to several third parties in return for payment.

“The employee has unlawfully made selected customer data available to a small number of external parties, with the leaked data. The leaked data relates to a small portion of Absa South Africa’s customer base, although investigations continue,” Absa said in a statement, as it lays criminal charges against the employee.

Upon discovery of the data breach, the bank secured high court orders allowing search-and-seizure operations at various premises and secured “all devices” containing the leaked data.

From there, data was found on devices during search-and-seizure operations and has been destroyed with investigations still ongoing.

Absa told reporters that the information shared specifically does not include passwords or Pin codes but worries of the possibility that some cybercriminals could still attempt to take advantage of the situation.

Absa is present within 12 different markets across the African continents, as it accounts for roughly 42,000 employees.

However, the company was quick to notify their customers by sending out an email explaining the situation, explaining that the breach had compromised Personally Identifiable Information (PII) belonging to clients.

“We regret to notify you that Absa has identified an isolated internal data leak whereby personal information of a limited number of Absa customers was shared with parties external to the bank,” the email read.

While the exact number of clients affected remains unknown, Absa intends to monitor the situation closely by monitoring any suspicious transactions of its compromised customers, by calling them to verify the validity of the transaction.

The cyberattack comes at a time when Absa Group Limited’s cybersecurity team was named the “Not for Profit Team of the Year” in the 2020 Cyber Security Awards, with the company’s CSO Sandro Bucchianeri commended in the industry as “Personality of the Year.”