- Curo Fund Services experienced a cyberattack on 19 January.
- The administrator, founded jointly by Sanlam and Old Mutual in 2012, has R2 trillion in assets under management and administration.
- But Old Mutual, Sanlam and Futuregrowth say their customers have no reason to worry about their data being compromised.
Old Mutual, Sanlam and Futuregrowth say their customers have no reason to worry about the recent cyber-attack on their investment administration service provider's systems.
Curo Fund Services experienced a cyberattack on 19 January. According to a Sunday Times report, the Cape Town-based investments administrator was locked out of its systems until 24 January.
The administrator, founded jointly by Sanlam and Old Mutual in 2012, has R2 trillion in assets under management and administration.
All three firms said the attack affected their operations, too, for a limited period. Curo's systems could not process investment-related instructions from the investment houses.
"During this period, the outage affected Curo's ability to provide us with prices for some of our Old Mutual Unit Trust portfolios. We are in the process of applying the updated prices to those portfolios for those customers who transacted," said Old Mutual in a statement.
The investment businesses within Old Mutual, including Futuregrowth, decided to suspend trading in listed markets until 24 January to err on the side of caution. They have since resumed trading.
Sanlam said it implemented remedial actions to avoid negative impact on its clients. Its clients continued to trade while Curo's systems were being restored.
The insurer said it worked closely with Curo to analyse and investigate the nature and scope of the security breach.
"Sanlam can confirm that the affected systems at Curo did not contain any retail client data," it said in a short statement.
Futuregrowth also said no customer data was compromised.
"Detailed client information is held by Futuregrowth, not Curo. Curo is conducting a full IT forensic investigation at present which will identify the full impact of the attack and also the type of intrusion," said the investment house.
Old Mutual also said it does not share any personal client data with Curo. The security breach was isolated to Curo's systems and did not impact the insurer's firewalls.
At the time of publication, Fin24 had not received a response from Curo on whether the company had identified the source of the attack. But Old Mutual said the administrator is running a "detailed and comprehensive" forensic investigation to establish the extent of any data breaches.