Ina Opperman

By Ina Opperman

Business Journalist


African Bank clients’ data breached after hacking at debt collector

Criminals will find all kinds of ways, such as a ransomware attack, to get hold of your personal details during a data breach.


A ransomware attack at a debt collector was a data breach, although there was no evidence at the time that the attack resulted in personal details being stolen.

This means that the personal details of a number of African Bank customers, who are under debt review, have been compromised.

African Bank said on Tuesday it could confirm that one of its appointed professional debt recovery partners, Debt-IN, was targeted by sophisticated cyber criminals in April 2021.

Debt-IN is now aware that the personal data of certain customers was compromised, but is “confident” that no data shared after 1 April 2021 was compromised.

ALSO READ: Hawks arrest suspect for massive Experian data breach

‘Robust’ mitigation plan against ransomware attack and data breach

According to African Bank, Debt-IN has implemented a “robust” mitigation plan to contain and reduce any further adverse impact.

“We have been collaborating with Debt-IN to address this breach,” says Piet Swanepoel, chief risk officer of African Bank.

He said the relevant regulatory authorities were notified and customers who were affected were being alerted by email and SMS. As an additional precautionary step, African Bank’s fraud prevention team has enhanced security measures to protect all African Bank customers.

ALSO READ: Identity theft up by 337% in 2020, fraud summit hears

This is how to protect yourself from data-breach fallout

Swanepoel reminds all South Africans to remain vigilant against possible fraud by:

  • Never disclose usernames, passwords, PINS or one-time pins (OTPs) when asked to do so via telephone, fax, text messages or even email, even if the request appears believable. African Bank will never ask you for this information, he says.
  • Change your passwords often and don’t share them with anyone.
  • Don’t give in to cyber criminals who often contact customers and pretend to be their bank because they know your ID and cellphone numbers.

It is important to review your monthly statements closely to check if money has left your account and who received it.

“If you detect any suspicious activity, or feel that your information has been compromised, you can apply for a free Protective Registration listing with the Southern African Fraud Prevention Services [SAFPS],” says Swanepoel.

“This will alert banks and credit providers that an identity has been compromised. You can apply by emailing protection@safps.org.za.”

Swanepoel also urged African Bank customers to call 0861-111-011 if they suspected any fraudulent activity on their accounts.

Read more on these topics

business news

For more news your way

Download our app and read this and other great stories on the move. Available for Android and iOS.