“It should be noted that Nedbank identified the data security issue at Computer Facilities as part of our routine and ongoing monitoring procedures."
NEDBANK clients in Kimberley and the Northern Cape are believed to be among those affected by a data breach that affected 1.7 million of the bank’s customers.
Nedbank clients’ identity numbers, addresses and contact details may have been breached after a “data security incident” at a direct marketing company.
According to a statement, Nedbank said it has investigated a data security issue that occurred at the premises of a third-party service provider, namely Computer Facilities.
Computer Facilities is a direct marketing company that issues SMS and e-mail marketing information on behalf of Nedbank and a number of other companies.
A subset of the potentially compromised data at Computer Facilities included personal information (names, ID numbers, telephone numbers, physical and/or e-mail addresses) of some Nedbank clients.
No Nedbank systems or client bank accounts have been compromised, the banking institution said.
“Once we became aware of the issue, we engaged as a matter of urgency with the service provider and leading forensic experts to conduct an extensive investigation.
“It should be noted that Nedbank identified the data security issue at Computer Facilities as part of our routine and ongoing monitoring procedures.
“We have moved swiftly to proactively secure and destroy all Nedbank client information held by Computer Facilities. Information from Nedbank Retail relating to approximately 1.7 million clients were potentially affected of which 1.1 million are active clients.
“This incident is isolated to the third-party service provider’s systems. As a further precautionary measure, Computer Facilities’s systems have been disconnected from the internet until further notice.
“We regret the incident that occurred at the third-party service provider, namely Computer Facilities, and the matter is receiving our urgent attention. The safety and security of our clients’ information is a top priority. We take our responsibility to protect our client information seriously and our immediate focus has been on securing all Nedbank client data at Computer Facilities, which we have done.
“In addition to this, we are communicating directly with affected clients. We are also taking the necessary actions in close co-operation with the relevant regulators and authorities,” Nedbank CEO Mike Brown said.
Nedbank Group chief information officer Fred Swanepoel said: “Computer Facilities did not have any links to our systems. Our team of IT specialists and external cyber security experts have been working continuously with them since we became aware of this matter. Clients’ bank accounts have not been compromised in any manner whatsoever and clients have not suffered any financial loss. Nedbank remains vigilant in its efforts to contain cybercrime.”
Nedbank said that they have advised Computer Facilities of their obligation to notify any of their other customers potentially impacted by the incident.
Clients’ bank accounts are not at risk and they do not need to take any further action other than continuing to be vigilant against attempts at fraud.
A Kimberley Nedbank client said yesterday that he believed that he had been among those affected by the data breach.
“Earlier this week, I received an SMS on my phone from Nedbank asking me to click on a Bitly link that would have taken me to a website, requesting further personal details. As I am wary of clicking on anything that takes one to a website that requests personal information, because I know that banks would never to do that, I immediately deleted the SMS and did not click on the link.
“But the fact that my cellphone number had been linked to an apparent Nedbank scam makes me believe that my account was compromised,” he said.
For any questions or concerns, readers are asked to call Nedbank’s call centre: 0860 775 775 or email: [email protected]