Two days after it suffered a cyber-attack by an extortive hacker, South Africa’s financial services giant, Liberty, is yet to fully comprehend the extent of the breach. Liberty must be in a race against time. The longer it takes for it to understand and close the breach the more risk is extending to its customers.
Liberty issued a statement on Sunday night saying “We are at an advance stage of investigating the extent of the data breach, which at this stage seems to be largely emails and attachments.”
Liberty, was hit by ransom seeking hackers over the weekend, who were reported to be demanding millions of rands and were threatening to release the company’s sensitive data to the public if their ransom is not met.
A visit to Liberty’s website over the weekend yielded the following message: “Liberty regrets to confirm that it has been subjected to unauthorised access to its IT infrastructure.”
The pop up message added that “An external party claims to have seized data from us, has alerted us to potential vulnerabilities in our systems and has requested compensation for this.
Liberty issued a follow up statement to its customers in Sunday night saying it has “made no concessions in the face of this attempted extortion and we are working with the relevant law enforcement authorities.”
Liberty tried to calm nerves of its customers. “We are conscious that that there has been an understandable level of interest and concern after we announced on Saturday that Liberty has been the victim of a criminal act. Our team of dedicated IT specialists and security personnel have devoted all their efforts around the clock to ensure that we live up to the duty of care to protect your information.
Liberty added that “At this point there is no evidence that any customer has suffered any financial loss. Liberty will proactively inform any customer individually if and when it is discovered that they may have been impacted. Should you have any queries or concerns, contact our Call Centre on 0860 456 789 or email firstname.lastname@example.org.”
Typically, hits like this result in the release of client’s data which can be harvested by criminals to target individuals with fraudulent activity.
This attack may have implications for millions of Liberty’s clients whose personal information may be compromised. Liberty runs with R720 billion in assets under management.
The 60 years old operation has a presence in 18 African countries. It’s grown from a South African life insurer to a pan-African financial services company, offering asset management, investment, insurance and health products to 3.2 million people across Africa.