Absa informs more customers of data leak, 15 months later

accreditation
0:00
play article
Subscribers can listen to this article
When Absa announced a data leak in the November 2020, it said only a small portion of its South African-based customers were affected. Now, it has identified more. Photo: Reuters
When Absa announced a data leak in the November 2020, it said only a small portion of its South African-based customers were affected. Now, it has identified more. Photo: Reuters

When Absa announced a data leak in the November 2020, it said only a small portion of its South African-based customers were affected.

However, it has emerged that more Absa customers were subject to the data leak than the bank initially communicated. The bank sent emails to some customers on Monday morning, informing them that they were victims of that data breach.

"Following Absa's announcement of an isolated data leak in November 2020, and a resultant independent forensic investigation, we have now identified more compromised data and are contacting impacted customers directly," read the email to customers.

This correspondence was sent 15 months after the leak happened.

It stated that identity information, contact details and transactional account numbers of affected clients were compromised. The bank said it has taken steps to protect impacted customers, and it has secured all devices of known implicated parties.

Absa did not specifically respond to Fin24's question about how many customers it emailed on Monday. But in a statement, the bank said although it informed them more than a year later, it took extra precautions and heightened monitoring of customer accounts after the leak was discovered.

"Independent investigations are ongoing, and we continue to reach out to affected customers as new information comes to light," said the bank.

In the November 2020 leak, Absa said it was one of its employees that unlawfully made selected customer data available to external parties. At the time, the bank said the leak affected a small portion of its South Africa-based customers. But in April 2021, the bank said the leak might have affected more customers than it initially believed.

Emails sent to clients then read exactly as those which were sent on Monday morning. The bank said it identified more compromised data stemming from the November 2020 leak.

In the Monday statement, the bank said the employee who unlawfully sold customers' data to external parties was dismissed and criminal proceedings have been instituted against the employee. It said customers who suspect suspicious activity on their accounts must contact the bank's fraud hotline on 0860 557 557.

Get the biggest business stories emailed to you every weekday.

Go to the Fin24 front page.

We live in a world where facts and fiction get blurred
In times of uncertainty you need journalism you can trust. For 14 free days, you can have access to a world of in-depth analyses, investigative journalism, top opinions and a range of features. Journalism strengthens democracy. Invest in the future today. Thereafter you will be billed R75 per month. You can cancel anytime and if you cancel within 14 days you won't be billed. 
Subscribe to News24
Rand - Dollar
16.09
-1.4%
Rand - Pound
19.60
-0.7%
Rand - Euro
16.93
-0.9%
Rand - Aus dollar
11.12
-1.3%
Rand - Yen
0.12
-0.9%
Gold
1,819.88
-0.2%
Silver
20.81
-1.7%
Palladium
1,874.89
+0.1%
Platinum
913.50
+0.2%
Brent Crude
115.09
+1.7%
Top 40
61,789
+0.4%
All Share
68,058
+0.3%
Resource 10
66,069
+0.9%
Industrial 25
80,452
+0.3%
Financial 15
15,394
-0.2%
All JSE data delayed by at least 15 minutes Iress logo
Company Snapshot