Close Menu
TechCentralTechCentral

    Subscribe to the newsletter

    Get the best South African technology news and analysis delivered to your e-mail inbox every morning.

    Facebook X (Twitter) YouTube LinkedIn
    WhatsApp Facebook X (Twitter) LinkedIn YouTube
    TechCentralTechCentral
    • News

      Vodacom, Maziv deal now looks likely after CompCom U-turn

      8 July 2025

      Icasa publishes new draft regulations for digital TV

      8 July 2025

      Fast-growing Beira port to get private mobile network

      8 July 2025

      MultiChoice hit with multimillion-rand fine for privacy ‘breaches’

      8 July 2025

      Still in play: Ramaphosa banks on talks to ease US tariff blow

      8 July 2025
    • World

      Cupertino vs Brussels: Apple challenges Big Tech crackdown

      7 July 2025

      Grammarly acquires e-mail start-up Superhuman

      1 July 2025

      Apple considers ditching its own AI in Siri overhaul

      1 July 2025

      Jony Ive’s first AI gadget could be … a pen

      30 June 2025

      Bumper orders for Xiaomi’s YU7 SUV heighten threat to Tesla

      27 June 2025
    • In-depth

      Siemens is battling Big Tech for AI supremacy in factories

      24 June 2025

      The algorithm will sing now: why musicians should be worried about AI

      20 June 2025

      Meta bets $72-billion on AI – and investors love it

      17 June 2025

      MultiChoice may unbundle SuperSport from DStv

      12 June 2025

      Grok promised bias-free chat. Then came the edits

      2 June 2025
    • TCS

      TCS | Connecting Saffas – Renier Lombard on The Lekker Network

      7 July 2025

      TechCentral Nexus S0E4: Takealot’s big Post Office jobs plan

      4 July 2025

      TCS | Tech, townships and tenacity: Spar’s plan to win with Spar2U

      3 July 2025

      TCS+ | First Distribution on the latest and greatest cloud technologies

      27 June 2025

      TCS+ | First Distribution on data governance in hybrid cloud environments

      27 June 2025
    • Opinion

      In defence of equity alternatives for BEE

      30 June 2025

      E-commerce in ICT distribution: enabler or disruptor?

      30 June 2025

      South Africa pioneered drone laws a decade ago – now it must catch up

      17 June 2025

      AI and the future of ICT distribution

      16 June 2025

      Singapore soared – why can’t we? Lessons South Africa refuses to learn

      13 June 2025
    • Company Hubs
      • Africa Data Centres
      • AfriGIS
      • Altron Digital Business
      • Altron Document Solutions
      • Altron Group
      • Arctic Wolf
      • AvertITD
      • Braintree
      • CallMiner
      • CambriLearn
      • CYBER1 Solutions
      • Digicloud Africa
      • Digimune
      • Domains.co.za
      • ESET
      • Euphoria Telecom
      • Incredible Business
      • iONLINE
      • Iris Network Systems
      • LSD Open
      • NEC XON
      • Network Platforms
      • Next DLP
      • Ovations
      • Paracon
      • Paratus
      • Q-KON
      • SevenC
      • SkyWire
      • Solid8 Technologies
      • Telit Cinterion
      • Tenable
      • Vertiv
      • Videri Digital
      • Wipro
      • Workday
    • Sections
      • AI and machine learning
      • Banking
      • Broadcasting and Media
      • Cloud services
      • Contact centres and CX
      • Cryptocurrencies
      • Education and skills
      • Electronics and hardware
      • Energy and sustainability
      • Enterprise software
      • Fintech
      • Information security
      • Internet and connectivity
      • Internet of Things
      • Investment
      • IT services
      • Lifestyle
      • Motoring
      • Public sector
      • Retail and e-commerce
      • Science
      • SMEs and start-ups
      • Social media
      • Talent and leadership
      • Telecoms
    • Events
    • Advertise
    TechCentralTechCentral
    Home » Information security » Data breach hits major South African insurance player

    Data breach hits major South African insurance player

    By Duncan McLeod30 June 2021
    Twitter LinkedIn Facebook WhatsApp Email Telegram Copy Link
    News Alerts
    WhatsApp

    QSure, a big player in South Africa’s insurance industry, has been hit by a data breach in which bank account numbers and other sensitive information were compromised by a third party.

    The company would not say how many records were exposed through the breach, only that the incident is “still being investigated”.

    “On 9 June 2021, QSure became aware that it had been subject to illegal and unauthorised access to its IT infrastructure, and immediately isolated its IT network and shut down its systems,” said chief operating officer Ian du Toit in e-mailed response to questions from TechCentral.

    QSure immediately appointed three industry-leading and independent cyber-forensic and security technology firms…

    QSure is a registered financial services provider and one of the collection agencies that provides collection and premium handling services for the South Africa insurance industry. Its clients include big insurance companies and insurance brokers.

    “QSure immediately appointed three industry-leading and independent cyber-forensic and security technology firms to conduct a detailed forensic investigation into the cybersecurity incident,” Du Toit said. “QSure takes the safety and security of its clients’ data extremely seriously. The company has notified insurers and brokers with whom it does business, as well as the relevant regulatory authorities, and continues to provide support in this regard.”

    ‘Exfiltrated’

    Preliminary investigations show that the compromised data had been “exfiltrated” from the company’s servers. “The data relates only to policyholders who are clients of QSure’s customers (insurers and brokers) and includes banking details, limited to the account holder name, bank account numbers and bank branch codes. No policyholder identity numbers, credit card details, any form of contact details, or policy content are kept on QSure’s database and therefore could not be compromised,” Du Toit said.

    “All brokers have been briefed and have, in turn, notified or are in the process of notifying their policyholders.”

    He said QSure’s IT platform has been “completely rebuilt” and “all necessary steps have been taken to ensure the environment is secure”.

    “It was built and configured under the guidance of forensic security and technology consultants, appointed specifically to assist with managing the incident.”

    QSure did not answer questions about whether it knows who was responsible for the breach or how they were able to compromise the company’s systems.

    TechCentral first became aware of the breach when insurance firm Hollard sent an e-mail to affected customers notifying them about the breach.

    “On Thursday, 17 June, Hollard received confirmation of a data breach at QSure, an administration company that facilitates the collection of debit orders for many of South Africa’s major insurers, including Hollard. The breach potentially affects all insurance customers whose debit orders are processed, or have been processed in the past, by QSure,” Hollard said.

    We need to advise you that there is a possibility that information stored on the QSure database now sits in unauthorised hands

    “QSure have assured us that they reacted quickly to unusual activity on their servers on 9 June and took down all external connections as quickly as possible before restoring operations in a totally secured environment. They also immediately commissioned an independent investigation, and cybersecurity experts engaged by QSure confirmed on 17 June that that the activity had resulted in a breach, which included the unauthorised movement or copying of customer data to an external environment.”

    Hollard said the breach has been reported to the “relevant authorities”.

    Risk of fraud

    “We need to advise you that there is a possibility that information stored on the QSure database now sits in unauthorised hands,” Hollard said its communication with customers.

    “This information consists of account holder name, bank account number and branch details, and there is an increased risk of fraud and other identity crimes associated with this information being in the hands of cybercriminals. No identity numbers or other data, often used in conjunction with banking details to perpetrate fraud, was compromised.”

    Hollard advised its clients, among other things, to be cautious of phone calls, e-mails or SMSes that ask for their personal information, and not to disclose this information, especially Pins and passwords.

    “If you suspect that you have been contacted by a fraudster, notify your bank or appropriate service provider. Examine your bank records and accounts more closely and report and request the reversal of any suspicious or fraudulent transactions. And change your passwords regularly and try use different passwords for all of your accounts.”

    Hollard also advised clients to visit haveibeenpwned.com, which allows them to check whether their personal data has been compromised through security incidents such as data breaches.  — © 2021 NewsCentral Media



    Hollard Ian du Toit QSure top
    Subscribe to TechCentral Subscribe to TechCentral
    Share. Facebook Twitter LinkedIn WhatsApp Telegram Email Copy Link
    Previous ArticleEskom seeks R140-billion for shift to renewables
    Next Article Cell C in talks with RMB, Investec for R4-billion in funding

    Related Posts

    Naked Insurance raises over R300-million in series-B funding round

    15 February 2023

    How Hollard drives a continuous improvement philosophy with Ovations

    24 November 2021

    18GW in unplanned breakdowns cripple Eskom

    2 November 2021
    Company News

    Huawei South Africa Partners Forum 2025: joining hands for a digital, intelligent future

    8 July 2025

    Powering South Africa’s industrial intelligence with Huawei Cloud’s AI-native innovations

    8 July 2025

    Rain launches a new way to connect. It’s a loop

    8 July 2025
    Opinion

    In defence of equity alternatives for BEE

    30 June 2025

    E-commerce in ICT distribution: enabler or disruptor?

    30 June 2025

    South Africa pioneered drone laws a decade ago – now it must catch up

    17 June 2025

    Subscribe to Updates

    Get the best South African technology news and analysis delivered to your e-mail inbox every morning.

    © 2009 - 2025 NewsCentral Media

    Type above and press Enter to search. Press Esc to cancel.