Liberty clients urged to change all banking passwords amid inside-job rumours

All Liberty Holdings clients should change their transactional bank account details and any other systems which could have the same passwords as their Liberty accounts, Arthur Goldstuck, MD of World Wide Worx urged on Monday.

The financial services group admitted to a data breach on Saturday night by a third party, and said at a press conference on Sunday evening that no clients had yet been financially impacted.

Goldstuck told Fin24 by phone that the people behind the breach had threatened to release emails and possibly attachments from Liberty to clients, on the “dark web” (which requires specific software to access, and sells mainly illegal products using cryptocurrencies).

The first port of call for people buying the information will be to get as much of Liberty’s customers’ personal data, including the policy documents they have and their login details for Liberty, according to Goldstuck.

Goldstuck said that because people typically use the same password across multiple accounts, their transactional banking accounts could be at risk.


Liberty has been warned that the information will be released incrementally to the “dark web” unless it meets the third parties’ demand for money. The financial services firm has not disclosed the figure that is being claimed, but has denied any payments have been made.

READ MORE: Liberty refuses to pay hackers

In a statement on the JSE newswires on Monday morning, Liberty said that clients whose information had been impacted would be informed and no further action was required from policy holders.

Biggest hack of financial institution

The breach of Liberty’s client information is the largest hack of a financial institution in South Africa, Goldstuck said.

He noted that it was “a little concerning” that it took the company two days to admit the breach to the public and clients.

“Liberty is guarded about the nature and other details of the hack, saying only the breach is subject to a police investigation.”

According to the firm’s website, it offers asset management, investment, insurance and health products to 3.2 million people across Africa.

Goldstuck urged the company to be “fully transparent” about all the details of the breach.

“There is speculation that there was inside involvement. It appears [they] had access to the entire server [so] it seems unlikely it was external,” said Goldstuck.

Goldstuck added that financial institutions were particularly vulnerable to data attacks.

“Banks are fighting an ongoing war against hackers…it’s astonishing that there aren’t more breaches,” Goldstuck said.

Due to technical issues at the JSE on Monday, trading opened two hours late at 11:00. By 12:30, Liberty’s share price slid 4.3% to R118.67. Parent company, the Standard Bank Group, weakened 1.8% to R193.56 a share. — Fin24

Subscribe to the M&G

These are unprecedented times, and the role of media to tell and record the story of South Africa as it develops is more important than ever.

The Mail & Guardian is a proud news publisher with roots stretching back 35 years, and we’ve survived right from day one thanks to the support of readers who value fiercely independent journalism that is beholden to no-one. To help us continue for another 35 future years with the same proud values, please consider taking out a subscription.

Tehillah Niselow
Tehillah Nieselow
Tehillah Nieselow is a Journalist at Power FM. She Covers labour issues, strikes, protests and general stories

Related stories

Advertising

Subscribers only

Q&A Sessions: Marcia Mayaba —Driven to open doors for women

Marcia Mayaba has been in the motor industry for 24 years, donning hats that include receptionist, driver, fuel attendant, dealer principal and now chief...

The war on women in video game culture

Women and girls make up almost half of the gaming community but are hardly represented and face abuse in the industry

More top stories

Gatvol Capetonians, EFF lash out at City of Cape Town...

Public infrastructure was allegedly damaged by the activist group in 2019 and by the Economic Freedom Fighters in 2020

Masuku loses appeal against SIU report on Covid graft

The judge found that when news of improprieties were brought to his attention, Masuku did not take steps to urgently intervene

Leaking De Ruyter’s affidavit countering racism claims was ‘malicious’ and...

Mkhuleko Hlengwa has pointed to people in Eskom or the public enterprises department for making the document public

SABS ‘contemplates’ 170 retrenchments to save R150m

Salaries account for 65% of the South African Bureau of Standards’ total operating‌ costs
Advertising

press releases

Loading latest Press Releases…