Absa Bank South Africa has suffered a data breach affecting a number of its clients, while exposing their personal information to external parties. The bank sent an email to affected clients on Monday 30 November, warning them that their personal information had been shared with third parties.
Absa told MyBroadband that the data was exposed due to the actions of an employee who acted unlawfully. The bank also confirmed that the personal information was exposed to external parties includes identity numbers, contact details, physical addresses, account numbers.
Absa did not state whether any other client information has been exposed in the breach, but said it may contact affected customers to validate potentially suspicious transactions going forward. The precise number of affected customers remains unconfirmed, but Absa has referred to it as a “small portion” of its client base.
Absa has as well brought criminal charges against the employee and said that the requisite consequence management has been undertaken internally.
Below is part of the email sent to affected clients.
“We regret to notify you that Absa has identified an isolated internal data leak whereby personal information of a limited number of Absa customers was shared with parties external to the bank. Unfortunately, some of your personal information formed part of this data which included your identity number, contact details, address and account numbers.
Absa takes the protection of personal data extremely seriously and has taken proactive steps to address the potential risk to our customers. As part of these monitoring measures, you might receive a phone call from us to validate potentially suspicious transactions to ensure heightened protection of your interest.
Please note that we will never ask you to share your ‘keys to the safe’ (including your online banking PIN or password or your card CVV, PIN or one-time password) with us or to approve activities to prevent fraud.”