Experian South Africa announced that it's in the process of investigating a security incident involving a fraudulent data inquiry.
On August 19, the South African branch of the consumer credit reporting agency said in a web statement that a South African individual purporting to represent a legitimate client had fraudulently requested official Experian services involving the release of information. The individual had requested this information for the purpose of creating leads for insurance and credit-related services, as Experian South Africa determined. Upon discovering the incident, the consumer credit reporting agency obtained and executed an Anton Piller order against the suspect. This action resulted in law enforcement impounding the suspect's hardware and in the data transferred from Experian being deleted. An investigation launched by Experian South Africa revealed that the incident was limited in scope, per the agency's web statement:
We can confirm that no consumer credit or consumer financial information was obtained. Our investigations do not indicate that any misappropriated data has been used for fraudulent purposes.... Experian South Africa bureau’s infrastructure, systems and database have not been compromised.
South African Banking Risk Information Centre (SABRIC), which learned of the incident from Experian South Africa, appeared to tell a different story. In its own web update, the non-profit organization revealed that Experian had suffered "a breach of data" that exposed the personal information of 24 million South Africans and 793,749 businesses. SABRIC went on to disclose that it had been working with Experian and individual banks to identify affected customers and to implement additional security measures. Those banks informed SABRIC that they would begin notifying affected individuals and would take steps to help protect them. Additionally, SABRIC said that it was working with Experian to help bring those responsible for the security incident to justice. Experian's investigation into this incident was ongoing at the time of writing. Anyone who might have been affected by this incident should review their credit reports and take additional steps to protect themselves against identity theft. These steps can help.