Policyholders and investors cautioned to be extra vigilant following TransUnion data breach

19 March 2022

Following this week’s TransUnion South Africa data breach, the Association for Savings and Investment South Africa (ASISA) is cautioning policyholders and investors to expect an increase in phishing attempts and approaches from criminals impersonating representatives from life insurers and investments companies.

Johann van Tonder, senior policy advisor at ASISA, says since a number of ASISA members make use of the TransUnion credit verification services, there is a high possibility that the compromised information includes personal details of South African policyholders and investors.

“While it appears that the client information obtained by the hackers is limited to names, contact details and ID numbers, we are concerned that this could be used by criminals to trick consumers into sharing account passwords.”

Van Tonder points out that no company will ever request a client to share passwords or one-time PIN codes telephonically, via text message or via email. He adds that companies will also never request clients to login to their accounts via unsolicited messages.  

Van Tonder says the financial sector is very aware of the risks of the constant cybersecurity threats facing the industry.

ASISA therefore established a Cyber Security Incident Response Team (CSIRT) with the aim of helping member companies combat threats to cybersecurity by encouraging and facilitating the sharing of cybercrime trends and other relevant information. The ASISA CSIRT is one of three industry response teams in existence in the financial sector.

One of the three is the South African Banking Risk Information Centre (SABRIC). ASISA and the SABRIC signed a Memorandum of Understanding last year to collaborate on combatting financial and cybercrimes and to strengthen cyber resilience within the financial services sector.

Van Tonder says intra-sector collaboration in the fight against cybercrime is critical. “ASISA is therefore working closely with SABRIC on assessing the full impact of the TransUnion South Africa data breach on South African consumers.”

Click here to download PDF