The Nedbank connected data breach, impacting close to two million customers, occurred due to a vulnerability in the bank’s third-party marketing contractor Computer Facilities’ network, according to Business Insider. Computer Facilities is a direct marketing company that issues SMS and email marketing information on behalf of Nedbank and a number of other companies. The structural weakness allowed an attacker to access its systems. The consequence was exposure of client data.
The compromised customer data included:
Commenting on the issue for Digital Journal, Anurag Kahol, CTO, Bitglass notes that these types of third-party breaches, such as the incident involving Nedbank can still harm end-customers, their trust, and their desire to purchase goods or services from a brand. In fact, according to PriceWaterhouseCoopers, 87 percent of customers will take their business elsewhere if they feel like a company is failing to handle their data responsibly.”
Kahol also expresses concern over the random way by which the data breach was detected, pointing out: “The network vulnerability of Nedbank’s contractor was only identified when the bank performed routine monitoring processes on its partner’s systems.”
In terms of what preventative measures can be adopted by financial institutions, Kahol explains that to “protect consumer data and maintain trusting and secure business relationships, organizations should look for security platforms that enforce real-time access control, detect and remediate misconfigurations, encrypt sensitive data at rest, manage the sharing of data with external parties, and prevent data leakage.”
Kahol concludes by empathizing: “It is only through the use of a comprehensive arsenal of advanced tools that visibility and control over data can be maintained.”