Absa bank embroiled in data leak, rogue employee accused of theft

Absa has notified customers of a data breach potentially compromising their personal information. 

The Johannesburg, South Africa-based financial services group, which provides personal and business banking as well as wealth management services, has pointed the finger at an employee for the security incident. 

Absa maintains a presence in 12 countries across the continent and accounts for roughly 42,000 employees.  

See also: The biggest hacks, data breaches of 2020

As reported by local publication MyBroadband, Absa sent an email to customers on Monday informing them of the data breach. The message said that personally identifiable information (PII) belonging to clients was exposed to “external parties.” 

“We regret to notify you that Absa has identified an isolated internal data leak whereby personal information of a limited number of Absa customers was shared with parties external to the bank,” the financial group said. 

ID numbers, contact details, physical home addresses, and account numbers are thought to have been compromised. Absa has not revealed if any other sensitive, financial data was involved in the data leak. 

CNET: Supreme Court hears case on hacking law and its limits

It is also not known how many customers have been impacted, although the bank intends to monitor more closely for suspicious transactions in a “small” number of its client base that may have had their information stolen. If transfers are suspected of being fraudulent, Absa will ring customers to verify transactions.

Absa says that additional security measures are being implemented, but in the meantime, it is believed that a rogue employee is at fault. According to local media, Absa has accused a staff member of making “customer data available” to third-parties, illegally, and so criminal charges have been brought against the unnamed individual. 

TechRepublic: How to protect your personal data from being sold on the Dark Web

Data was found on devices during search and seizure operations and has been destroyed. The investigation is ongoing. 

Only three months before this security incident, Absa Group Limited’s cybersecurity team was named the “Not for Profit Team of the Year” in the 2020 Cyber Security Awards, with Absa CSO Sandro Bucchianeri commended in the Cybersecurity industry “Personality of the Year” category.

Previous and related coverage

Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0