Nedbank has issued a warning to its customers about a data breach at one of its service providers that may have compromised personal details of about 1,7-million clients.

In a statement today, the bank says it has investigated a data security issue that occurred at the premises of third-party service provider Computer Facilities, a direct marketing company that issues SMS and email marketing information on behalf of Nedbank and a number of other companies.

Among the data that might have been compromised is personal information including names, ID numbers, telephone numbers, physical and/or email addresses of some Nedbank clients.

Nedbank stress that none of its own systems or client bank accounts have been compromised, or are at risk as a result of the data issue at Computer Facilities.

Nedbank identified the data security issue at Computer Facilities as part of its routine monitoring procedures.

“Once we became aware of the issue, we engaged as a matter of urgency with the service provider and leading forensic experts to conduct an extensive investigation,” the bank states.

“We have moved swiftly to proactively secure and destroy all Nedbank client information held by Computer Facilities. Information from Nedbank Retail relating to approximately 1,7-million clients was potentially affected, of which 1,1-million are active clients.”

The attack is limited to Computer Facilities’ systems and the company has disconnected from the internet as a precautionary measure.

“We regret the incident that occurred at the third-party service provider, namely Computer Facilities and the matter is receiving our urgent attention,” says Nedbank CEO Mike Brown.

“The safety and security of our clients’ information is a top priority. We take our responsibility to protect our client information seriously and our immediate focus has been on securing all Nedbank client data at Computer Facilities, which we have done.

“In addition to this, we are communicating directly with affected clients. We are also taking the necessary actions in close cooperation with the relevant regulators and authorities.”

Nedbank Group CIO Fred Swanepoel says: “The third-party service provider namely did not have any links to our systems. Our team of IT specialists and external cyber security experts have been working continuously with them since we became aware of this matter.

“Clients’ bank accounts have not been compromised in any manner whatsoever and clients have not suffered any financial loss. Nedbank remains vigilant in its efforts to contain cyber-crime.”