Experian Data Breach Compromises 24 Million South Africans


Consumer credit reporting company Experian discloses its data breach on Wednesday, August 19, 2020. The massive breach reportedly affects 24 million South Africans and approximately 793,749 local businesses, states ZD Net.

As a consumer credit reporting company, IOL states that Experian plays a huge role in helping financial and lending institutions in South Africa make respective credit and loan decisions. Records under these credit bureaus include public information, properties, Intellectual Property Commission records, and more.


The credit bureau admits to providing personal details of millions of South Africans and thousands of local businesses to an entity posing as a client. Although the company failed to provide a number of affected consumers, an anti-fraud and banking non-profit organization called South African Banking Risk Centre (SABRIC) provided the number of the possibly affected individuals and firms in the region.

Experian Data Breach

In a statement published on its website, Experian said, “Our investigations indicate that an individual in South Africa, purporting to represent a legitimate client, fraudulently requested services from Experian.”


Experian continued to say, “The services involved in the release of information that is provided in the ordinary course of business or which is publicly available. We can confirm that no consumer credit or consumer financial information was obtained.”

Despite handing over sensitive consumer information to a supposed client, Experian maintains that its consumers are free from fraudulent actions or misappropriations.

It appears that SABRIC chief executive officer Nischal Mewalall disagrees, saying the “compromise of personal information can create opportunities for criminals to impersonate you but does not guarantee access to your banking profile or accounts. However, criminals can use this information to trick you into disclosing your confidential banking details,” reports Business Tech.

ZD Net reports that such claims are not enough to pacify South African privacy regulators, who will be opening and possibly filing a case in light of the massive breach.

Following the incident, Experian reported the incident to local authorities, including the National Credit Regulator, states IOL. It has also successfully identified the suspect and obtained an Anton Piller or court order which allows relevant agencies to seize the hardware of the suspect and the secured data being deleted.

IOL continued to say that the consumer credit bureau has also engaged the services and cooperation of the Banking Association of South Africa (BASA), the Southern African Fraud Prevention Service (SAFPS, and SABRIC to provide more information and light on the matter.

Likewise, Experian claims to have enhanced its security features. Among those updated by the company include their authentication processes as well as their fraud prevention and detection strategies.