Experian states it has identified a suspect and obtained an Anton Piller or court order against them
The data breach at credit bureau Experian Africa may not be as serious as first feared. The company said late on Wednesday that its investigations show that the compromised data was not used for fraud.
“Our investigations indicate that an individual in South Africa, purporting to represent a legitimate client, fraudulently requested services from Experian,” it said in a statement published on its website.
“The services involved the release of information that is provided in the ordinary course of business or which is publicly available. We can confirm that no consumer credit or consumer financial information was obtained,” it added.
“Our investigations do not indicate that any misappropriated data has been used for fraudulent purposes. Our investigations also show that the suspect had intended to use the data to create marketing leads to offer insurance and credit-related services.”
Earlier on Wednesday, the South African Bank Risk Information Centre (Sabric) said Experian had experienced a data breach that exposed the personal information of as many as 24 million South Africans and 800 000 businesses.
“Banks have been working with Experian and Sabric to identify which of their customers may have been exposed to the breach and to protect their personal information, even as the investigation unfolds,” Sabric said in a statement. “Banks and Sabric have also been co-operating with Experian in their efforts to secure the data and ensure the perpetrators are brought to book.”
Anton Piller order
Experian said in its statement that it has identified a suspect and obtained an Anton Piller or court order against them. This resulted in the suspect’s hardware being impounded and the misappropriated data being secured and deleted. “We are continuing the legal process in this regard, including coordination with law enforcement and relevant authorities,” it said.
Experian said that after it discovered the incident, it notified the National Credit Regulator and the Information Regulator. It insisted that its infrastructure, systems and database were not compromised.
Culled from Moneyweb
