Liberty customers urged to change all banking passwords amid inside-job rumours

accreditation
iStock [www.istockphoto.com]

All Liberty Holdings [JSE:LBH] customers should change their transactional bank account details and any other systems which could have the same passwords as their Liberty accounts, Arthur Goldstuck, MD of World Wide Worx urged on Monday.

The financial services group admitted to a data breach on Saturday night by a third party, and said at a press conference on Sunday evening that no customers had yet been financially impacted.

Goldstuck told Fin24 by phone that the people behind the breach had threatened to release emails and possibly attachments from Liberty to clients, on the 'dark web' (which requires specific software to access, and sells mainly illegal products using cryptocurrencies).

The first port of call for people buying the information will be to get as much of Liberty’s customers’ personal data, including the policy documents they have and their log-in details for Liberty, according to Goldstuck.

Goldstuck said that because people typically use the same password across multiple accounts, their transactional banking accounts could be at risk.

Liberty has been warned that the information will be released incrementally to the 'dark web' unless it meets the third parties' demand for money. The financial services firm has not disclosed the figure that is being claimed, but has denied any payments have been made.

In a statement on the JSE newswires on Monday morning, Liberty said that clients whose information had been impacted would be informed and no further action was required from policy holders.

Biggest hack of financial institution

The breach of Liberty’s client information is the largest hack of a financial institution in South Africa, Goldstuck said.

He noted that it was "a little concerning" that it took the company two days to admit the breach to the public and clients.

"Liberty is guarded about the nature and other details of the hack, saying only the breach is subject to a police investigation."

According to the firm's website, it offers asset management, investment, insurance and health products to 3.2 million people across Africa.

Goldstuck urged the company to be "fully transparent" about all the details of the breach.

"There is speculation that there was inside involvement. It appears [they] had access to the entire server [so] it seems unlikely it was external," said Goldstuck.

Liberty Holdings CEO David Munro said at Sunday's press conference that the authorities had asked the company to investigate whether the breach could have been an inside job and the police will also be probing this possibility.

Munro said they were unable to provide further details about whether the hack had taken place inside or outside the country's borders.

All the emails affected were from Liberty's insurance division and due to police investigations, Munro was unable to confirm how many clients were impacted.

Goldstuck added that financial institutions were particularly vulnerable to data attacks.

"Banks are fighting an ongoing war against hackers…it’s astonishing that there aren’t more breaches," Goldstuck said.

Due to technical issues at the JSE on Monday, trading opened two hours late at 11:00. By 12:30, Liberty’s share price slid 4.3% to R118.67. Parent company, the Standard Bank Group [JSE:SBK], weakened 1.8% to R193.56 a share.

* Sign up to Fin24's top news in your inbox: SUBSCRIBE TO FIN24 NEWSLETTER

We live in a world where facts and fiction get blurred
In times of uncertainty you need journalism you can trust. For 14 free days, you can have access to a world of in-depth analyses, investigative journalism, top opinions and a range of features. Journalism strengthens democracy. Invest in the future today. Thereafter you will be billed R75 per month. You can cancel anytime and if you cancel within 14 days you won't be billed. 
Subscribe to News24
Rand - Dollar
16.41
+0.3%
Rand - Pound
19.82
+0.1%
Rand - Euro
16.69
+0.2%
Rand - Aus dollar
11.50
+0.5%
Rand - Yen
0.12
+1.1%
Gold
1,774.02
-0.3%
Silver
20.13
-0.7%
Palladium
2,155.00
+0.1%
Platinum
933.50
-0.5%
Brent Crude
95.10
-3.2%
Top 40
64,726
+1.1%
All Share
71,505
+1.1%
Resource 10
65,387
+3.3%
Industrial 25
87,072
+0.1%
Financial 15
16,239
+0.5%
All JSE data delayed by at least 15 minutes Iress logo
Company Snapshot
Government tenders

Find public sector tender opportunities in South Africa here.

Government tenders
This portal provides access to information on all tenders made by all public sector organisations in all spheres of government.
Browse tenders