South African fraudster tricks credit bureau Experian into handing over data


The South African arm of credit bureau Experian is investigating a data breach that saw it hand over information to a suspected fraudster, it said on Wednesday, adding the suspect had already been identified and the data deleted.

Experian, the world’s biggest credit data firm, generates credit reports and scores based on consumer borrowing and payment habits, which are used by banks, car dealers and retailers.

It said it had notified the relevant authorities and engaged with industry bodies over the incident, though it added “no consumer credit or consumer financial information was obtained”.

“Our investigations indicate that an individual in South Africa, purporting to represent a legitimate client, fraudulently requested services from Experian,” it said in a statement, adding these services involved the release of information which is provided in the ordinary course of business or is publicly available.

“Our investigations do not indicate that any misappropriated data has been used for fraudulent purposes,” it said, adding the suspect’s hardware had been impounded and the data deleted.

Experian’s statement did not say what it meant by hardware nor who had impounded it, though it said it was working with law enforcement.

The South African Banking Risk Information Centre (SABRIC), a body formed by the country’s big four banks to assist in combating organised crime targeting banks, said personal data from some 24 million South Africans and almost 800,000 businesses had been exposed.

An Experian spokesperson said the SABRIC statement was incorrect but did not provide further details.

Standard Bank, a major South African lender, said some of its “client demographic information” had been handed over and that it had stepped up its authentication and anti-fraud strategies, asking clients to take preventative measures like changing their password.