TransUnion South Africa has confirmed that hacking group N4aughtysecTU obtained data belonging to the bureau through the misuse of an authorised client’s credentials.

The personal information obtained could include names and ID numbers.

Nischal Mewalall, chief executive of the South African Banking Risk Information Centre (Sabric), comments: “SABRIC has already engaged TransUnion South Africa with the aim to co-ordinate the banking industry’s efforts to secure bank customers’ profiles against abuse.”

South African banks take the security of their customer data very seriously and have put in place robust risk mitigation strategies to detect potential fraud on accounts and protect customer personal information, as the investigation unfolds, Mewalall adds.

He points out that the compromise of personal information does not guarantee access to a customer’s banking profile or account, but that criminals can use this information to impersonate people or trick them into disclosing their confidential banking details.

SABRIC urges bank customers and other consumers to follow sound identity management practices to mitigate the risk of identity theft and fraudulent applications, and recommends that bank customers follow these precautionary measures:

* Do not disclose personal information such as passwords and PINs when asked to do so by anyone via telephone, fax or even email.

* Change your password regularly and never share it with anyone else.

* Verify all requests for personal information and only provide it when there is a legitimate reason to do so.

* Do not use the information that may have been compromised. Rather use other personal information that you have not used previously to confirm your identity in future.

Customers can visit www.sabric.co.za for additional advice.