/ 18 June 2018

Data breach under control and under investigation, says Liberty CEO

In a statement released shortly after the briefing
In a statement released shortly after the briefing

Liberty Holdings CEO David Munro says the company is in control of its technology and data infrastructure and is working with authorities to get to the bottom of a data breach which occurred on Thursday evening. 

He maintained that no clients suffered any financial loss as a result of the data breach.

The company alerted clients of the data breach on Saturday evening via text message. Munro said the company informed the authorities about the breach, which Liberty considered an “act of criminality” and extortion.

On Sunday, the Sunday Times newspaper reported that extortionists wanted “millions” from the company to avoid the release of “critical information” belonging to “top clients”.

Munro said the data that was affected by the breach consisted largely of recent emails from the company’s mailing service. He said the company was in the process of investigating the breach, saying the findings of such a investigation would be referred to the authorities.

“We are at an advanced stage of investigating the data breach. For now it looks like there was no evidence that any of our customers have suffered any financial loss. We will contact our customers if it occurs that they are affected individually,” said Munro.

Munro said Liberty assembled a huge team of technology and security specialists with world class skills and experience in assisting organisations affected by such breaches.

“We made every effort to inform our customers when we were in the position to do so. We have informed relevant authorities and are working with them,” Munro said.

He said while the investigations into affected data taken from the company were ongoing, the company was confident that the breach wrought no financial loss for any of the company’s customers.

“There is no evidence that there is any financial loss for any of our customers so all of our policies and transactions remain in force. We have gone to extreme lengths to protect our IT infrastructure to ensure that our customers’ data is protected,” he said.

He said any customers who are affected by the breach would be further contacted and notified by the company. He also encouraged any concerned customers to contact the company and consult their financial advisors.

“If we find customers are affected, we will contact them directly if we find that they have been affected. But if they would like to get any clarity, we would encourage them to contact their financial advisors and make contact with us,” said Munro.

Munro said the identity of the hackers was a matter of investigation and that the company could not comment. He said an extortion attempt was confirmed with payment demanded after the breach. However the company made no concession and could not disclose the amount sought.

“It’s fair to say an event like this is not something one can prepare for specifically. We prepare for them generally, but when an event like this takes place, it’s out of the blue. This occurred on Thursday evening. It took a couple of days before deciding we should inform customers and ensure that we can safely move into the public domain, as it is a complex matter,” he said.

Munro said Liberty believed the information affected was limited to insurance operations in South Africa and that there was currently no reason to believe that this affected Stanlib or Standard Bank Group customers that are not clients of Liberty.

“We back up our data. The challenge every enterprise has globally is the confrontation from cyber criminals attacking on a regular basis. We have to get to understand that while these events are unwelcome, they will continue to become a regular part of corporate life,” he said.

In a statement released shortly after the briefing, Liberty said there was no further action required of its customers. — Fin24