South African insurance provider Liberty Holdings announced that it has been hit by a cyberattack, but that customer finances do not appear to have been impacted.
The company, which offers asset financial services and health products to 3.2 million people across Africa, announced yesterday that it had been contacted by a party claiming to have accessed data from the firm and demanded payment.
“Since becoming aware, we have taken immediate steps to secure our computer systems. Liberty is investigating the breach and we will endeavour to keep all stakeholders fully informed as appropriate,” said the company in a notice on its website.
CEO David Munro said in a press briefing that the company was made aware of unauthorised access to its systems on Thursday evening, and that it had been in contact with the alleged hacker(s) to determine their intentions but had not ceded to any demands.
“To be clear, at this stage there is no evidence that any of our customers have suffered any financial loss. We will proactively inform our customers individually if and when we discover that they may have been impacted,” said Munro.
He added that the breach “seems to be largely emails and possibly attachments”, and that the company believes it has identified and resolved the vulnerabilities exploited.
The Sunday Times, however, cited a source “with intimate knowledge” of the situation, which claimed that “Liberty IT personnel are running around like headless chickens trying to figure out how much data was accessed, and they can’t explain to their bosses how they were hacked”.
The unnamed source also claims that sensitive data about some of the insurer’s top clients was accessed, which is by no means incompatible with Munro’s claim that it was “largely” emails and attachments which were accessed – these in and of themselves may well contain information just as sensitive and of just as much value to cybercriminals as financial information.