South African bank Nedbank has become the latest financial services company to disclose a data security issue following a security breach that had impacted its third-party supplier.
In a press release, the bank announced Thursday it is currently investigating a security incident that occurred at the premises of Computer Facilities, a third-party service provider that currently manages the issuance of SMS and emails on Nedbank’s behalf.
According to the statement, among the potentially compromised data include the personal information of about 1.7 million customers, including their names, ID numbers, telephone numbers, as well as physical and/or e-mail addresses.
The bank, however, clarified that “[n]o Nedbank systems or client bank accounts have been compromised in any manner whatsoever or are at risk” due to the recent security incident.
“Once we became aware of the issue, we engaged as a matter of urgency with the service provider and leading forensic experts to conduct an extensive investigation. We have moved swiftly to proactively secure and destroy all Nedbank client information held by Computer Facilities,” the company explained.
“Information from Nedbank Retail relating to approximately 1.7 million clients was potentially affected, of which 1.1 million are active clients.”
According to Nedbank, the incident is isolated to the third-party service provider’s systems. However, as part of a further precautionary measure, the bank noted that the Computer Facilities systems are currently disconnected from the Internet until further notice.
“We regret the incident that occurred at the third-party service provider, namely Computer Facilities, and the matter is receiving our urgent attention,” commented Nedbank CEO Mark Brown about the incident.
“The safety and security of our clients’ information is a top priority. We take our responsibility to protect our client information seriously and our immediate focus has been on securing all Nedbank client data at Computer Facilities, which we have done,” he continued.
Founded in 2003, Nedbank now stands as one of South Africa's four largest banks. As of June 2019, the firm claims to have R1,1 trillion in total assets and R126 billion in market capitalisation.
To date, the bank is operating in 702 outlets and is housing a total of 30, 577 employees.
Fred Swanepoel, Nedbank CI, clarified that Computer Facilities did not have any links to Nedbank’s systems.
“Our team of IT specialists and external cybersecurity experts has been working continuously with them since we became aware of this matter. Clients’ bank accounts have not been compromised in any manner whatsoever and clients have not suffered any financial loss.”
