The third-party service provider where Nedbank recently detected a security breach appears to have had glaring holes in its defences, a security researcher told MyBroadband.
Nedbank recently disclosed to clients that it discovered a security breach at a third-party service provider called Computer Facilities.
Computer Facilities sends SMS and email marketing on behalf of Nedbank.
Personal information including the names, ID numbers, telephone numbers, physical addresses, and email addresses of Nedbank clients were compromised in this breach.
The bank stated that 1.7 million clients were affected by the breach, of which 1.1 million are active clients.
Nedbank CEO Mike Brown said in an interview that the bank has done everything in its power to contain the incident.
“We have been on the premises of the supplier. You will see that we have agreed with them that they have shut themselves off from the Internet. We deleted all the Nedbank data off their servers,” he said.
Brown said that Nedbank sent data to Computer Facilities for campaigns in an encrypted format. It then looks like the data was decrypted and stored in plain text.
He emphasised that none of Nedbank’s systems were compromised. The accounts of people whose data was compromised are being monitored for fraud.
More people’s data may be compromised
Brown said that not only Nedbank data was compromised in the attack on Computer Facilities’ systems.
“Obviously they have other data as well,” he said.
No details about the other data that was compromised has been revealed.
Brown also noted that they don’t yet know if any of the data comprom ..
Support the originator by clicking the read the rest link below.
