Data Breach

  1. Home
  2. News Flash
  3. Data Breach

Data Breach

De Wet De Villiers
The National Veld and Forest Fire Act

De Wet De Villiers Brokers received confirmation of a data breach at QSURE (Pty) Ltd, an administration company which facilitates the collection of debit orders for many of South Africa’s major insurers, including Hollard. The breach potentially affects all insurance customers whose debit orders are processed, or have been processed in the past, by QSURE.

QSURE has assured us that they reacted quickly to unusual activity on their servers on 9 June and took down all external connections as quickly as possible before restoring operations in a totally secured environment. They also immediately commissioned an independent investigation, and cybersecurity experts engaged by QSURE confirmed on 17 June that that the activity had resulted in a breach, which included the unauthorised movement or copying of customer data to an external environment.

The breach has been reported to the relevant authorities and QSURE continues to work with cybersecurity experts to determine the extent of the breach, as well as the vulnerability that was exploited, but this process will take some time to complete.

In the meantime, we need to advise you that there is a possibility that information stored on the QSURE database now sits in unauthorised hands. This information consists of account holder name, bank account number and branch details, and there is an increased risk of fraud and other identity crimes associated with this information being in the hands of cybercriminals. No identity numbers or other data, often used in conjunction with banking details to perpetrate fraud, was compromised.

In terms of minimising the risk of the fraudulent misuse of your data, we’d like to suggest the following:

  • Check your credit report for free by visiting www.mycreditcheck.co.za.
  • Be cautious of phone calls, emails or SMSs that ask for your Personal Information, and do not disclose this information, especially PINs and passwords.
  • If you suspect that you have been contacted by a fraudster, notify your bank or appropriate service provider.
  • Examine your bank records and accounts more closely and report and request the reversal of any suspicious or fraudulent transactions.
  • Change your passwords regularly and try use different passwords for all of your accounts.
  • Check the “Have I Been Pwned?” website (www.haveibeenpwned.com) - this allows internet users to check whether their personal data has been compromised by data breaches, using your username or email address.

We have been assured that QSURE has diligently followed industry best practice in respect of this matter, notified the relevant regulators, and introduced additional controls to prevent this type of incident from occurring again. We are encouraged by their response, and will continue to monitor the situation.

If you have any questions relating to this matter, please get in touch with us at info@dwdv.insure or call us on 014 592-1077.