Home DATA PRIVACY Nedbank’s Third-Party Data Breach Impacts 1.7 Million Customers in South Africa

Nedbank’s Third-Party Data Breach Impacts 1.7 Million Customers in South Africa

data breach

South Africa-based Nedbank faced a customer data breach through a third-party service provider, Computer Facilities (Pty) Ltd. This firm takes care of Nedbank’s SMS and email marketing campaigns. Nedbank’s data breach has potentially affected its 1.7 million customers of which 1.1 million are active accounts.

Nedbank observed the data breach incident while running an internal system audit and monitoring its procedures. It immediately sounded an alert and contacted the service provider about its findings. With the help of the Computer Facilities (Pty) Ltd. team and a group of other cyber forensic experts, a detailed and extensive investigation was carried out to check the gradient of the data breach and the extent of the impact it had on its customers.

For preventive measures, Nedbank secured and destroyed all its customer data under the service provider’s possession. The incident is found to be limited to the third-party service provider’s systems only. Nedbank stated that none of its own systems or client accounts had been impacted. As a secondary precautionary perimeter, systems of Computer Facilities (Pty) Ltd were disconnected from the internet to quarantine the data breach.

Nedbank Group Chief Information Officer Fred Swanepoel said, “The third-party service provider namely, Computer Facilities (Pty) Ltd., did not have any links to our systems. Clients’ bank accounts have not been compromised in any manner whatsoever and clients have not suffered any financial loss.”

Earlier, Western Australia-based P&N Bank faced a data leak that exposed its customers’ personally identifiable information (PII) and sensitive account information. In an official notice, the financial services provider stated that the information breach occurred due to a cyberattack on its customer relationship management (CRM) platform during a server upgrade. However, the incident did not cause any loss of customer funds, customers’ credit card details, or banking passwords. It only exposed customer names, age details, residential addresses, email addresses, phone numbers, customer numbers, account numbers, and account balances.