The South African branch of consumer credit reporting agency Experian revealed a data breach that impacted 24 million customers.
The company revealed that only personal information was exposed in the data breach and no financial or credit-related information was compromised.
The origin of the attack has been identified and has already deleted stolen data from the devices used by the attackers.
The exact number of impacted users was not revealed by the company, but according to a report published by the South African Banking Risk Centre (SABRIC) the security incident may have impacted 24 million South African citizens and 793,749 local businesses.
The company had reported the incident to law enforcement and the appropriate regulatory authorities and will soon notify the impacted customers.
After the crooks behind the breach were identified, a court order was obtained by Experian that let them to seize the fraudsters’ equipment and stolen data was secured and deleted.
None of the data has been used for fraudulent purposes before being deleted and that the fraudster did not compromise its infrastructure, systems, or customer database.
According to a statement by the credit agency, an individual in South Africa, pretended as a legitimate client and fraudulently requested services from Experian. The services involved the release of information which is provided in the ordinary course of business or which is publicly available.
Their investigations show that the suspect had intended to use the data to create marketing leads to offer insurance and credit-related services.
Experian Africa CEO, Ferdie Pieterse stated that their first priority is to help and support consumers and businesses in South Africa and also apologized for the inconvenience caused.