South African credit bureau Experian has confirmed that leaked data — exposing the personal information of millions of South Africans — has been dumped on the dark web.
This comes after the company revealed a massive data breach in August where it had shared the personal information of up to 24 million South African consumers and 793 749 businesses with a scammer. According to Experian, the individual claimed to represent a legitimate client and fraudulently requested services from the consumer credit reporting company. Whilst the company had purported to have “contained” the breach, the Information Regulator of South Africa, a subsidiary of the Department of Justice, announced on 3 September that a “whistlebowler” had confirmed the information to be on the dark web. This information includes cell numbers, home and work phone numbers, employment details, identity numbers, names of the companies, VAT numbers and banking details.
According to a statement released by Experian, the data was not on the dark web but a “third-party data sharing site on the internet”. The third-party has since apparently disabled the links and the data has been removed.
Nonetheless, there is still a very real threat to millions of South Africans whose personal information continues to be vulnerable. Due to the extent of the breach, the Regulator has decided to conduct it’s own review to decide on a suitable plan of action.
Experian has since announced that a criminal case has been opened and it is now in the hands of law enforcement.