Liberty refuses to pay ransom after hackers hit computer systems


Liberty Holdings [JSE:LBH], the South African insurer midway through an overhaul to improve profit, said it refused a ransom demand after hackers breached its information-technology infrastructure and accessed some emails.

“We did engage with the external parties involved to determine their intentions, but we made no concession in the face of this attempted extortion,” Liberty Chief Executive Officer David Munro said on Sunday in Johannesburg.

“Liberty is at an advanced stage of investigating the extent of the data breach, which at this stage, seems to be largely emails and possibly attachments.”

The threatened data leak comes as Munro pushes ahead with a turnaround of the largest provider of long-term insurance products to affluent South Africans, which has struggled to grow sales into a weak local economy.

Since being appointed to the post in May last year, Munro has sought to improve customer service by revamping its call centre, while simplifying its offerings that had become too complex for its 3 000 agents to market and finding ways of improving returns at its asset-management unit.

Liberty couldn’t comment on the identity of outside parties that gained access to the IT infrastructure, or divulge the payment demanded because the matter is still subject to investigation by various authorities, Munro said.

No losses

The 60-year-old insurer has more than 2.5 million life-insurance policies and administers more than 10 000 retirement plans and 500 000 individual and institutional investment customers, according to its website.

“There is no evidence at this point in time that there is any financial loss to any of our customers,” he said. “We have gone to extreme lengths to enforce our IT infrastructure to ensure our customers’ information is protected.”

Liberty sent text messages to clients informing them of the attack. “We totally understand the concerns they might have about the impact of this act of criminality,” he said.

Information that was stolen probably was restricted to Liberty emails and customers of Standard Bank Group [JSE:SBK], which controls Liberty, wouldn’t be affected unless they were also the insurer’s customers, according to Munro. The breach is limited to Liberty, he said.

“There is no inter-connection when it comes to Liberty and Standard Bank systems,” he said. “This was an infiltration of our network and a specific email system or repository of email data. It looks like the bulk of the data they stole from us is email, relatively recent rather than deeply dated.”

* SUBSCRIBE FOR FREE UPDATE: Get Fin24's top morning business news and opinions in your inbox.

We live in a world where facts and fiction get blurred
In times of uncertainty you need journalism you can trust. For 14 free days, you can have access to a world of in-depth analyses, investigative journalism, top opinions and a range of features. Journalism strengthens democracy. Invest in the future today. Thereafter you will be billed R75 per month. You can cancel anytime and if you cancel within 14 days you won't be billed. 
Subscribe to News24
Rand - Dollar
Rand - Pound
Rand - Euro
Rand - Aus dollar
Rand - Yen
Brent Crude
Top 40
All Share
Resource 10
Industrial 25
Financial 15
All JSE data delayed by at least 15 minutes Iress logo
Company Snapshot
Editorial feedback and complaints

Contact the public editor with feedback for our journalists, complaints, queries or suggestions about articles on News24.

Government tenders

Find public sector tender opportunities in South Africa here.

Government tenders
This portal provides access to information on all tenders made by all public sector organisations in all spheres of government.
Browse tenders