A breach at a third-party debt recovery partner of African Bank has now affected banking customer information. According to African Bank, Debt-IN suffered a ransomware attack in April 2021, but at the time of discovery they did not believe any stored data had been affected. That is quite the opposite now, however, they believe no data that has been stored after April of 2021 is affected. A quote from the bank reads “A robust mitigation plan has been implemented by Debt-IN to contain and reduce any further adverse impact. We have been collaborating with Debt-IN to address this breach. We have notified the relevant regulatory authorities and we are also in the process of alerting customers who have been affected, via email and SMS.” A Free Protective Registration listing can be provided by the Southern African Fraud Prevention Services (SAFPS), but affected parties have to apply directly.
African Bank has asked customers who experience issues with their account to call 0861 111 011 and report it immediately. Since Debt-IN was a third-party partner of African Bank it is important to note that companies that use third-party services should regularly perform routine security audits of both their internal systems and their third-party vendors. It is important to enable sufficient event logging to be able to investigate any security event to determine if data was accessed. Performing 24/7 monitoring of security events can enable a quick response and aid in the removal of intruders from the environment before they have time to steal data or cause damage.