Standard Bank has experienced a data breach involving a senior employee. It has moved swiftly to contain the incident and is in the process of informing affected clients, TechCentral has learnt.
The publication was alerted on Wednesday by one of the bank’s clients that he had received a letter from explaining how he had been impacted by the incident and how Standard Bank was mitigating against potential client data compromise. It has also informed the Information Regulator, as required by law.
In e-mailed response to questions from TechCentral, a spokesman confirmed that the bank’s “ongoing monitoring processes” detected that an employee, who had “authorised access to specific client data”, had copied some customer-sensitive data to an unprotected personal device “in violation of the bank’s strict information security protocols”.
“Standard Bank takes data security extremely seriously and any divergence from this stated policy will be dealt with decisively in the interests of our clients,” the spokesman said.
It said the data copied includes “limited personal and/or financial information of a limited number of clients in South Africa”.
“Standard Bank does not keep or store information like client passwords and Pins, and such information was not impacted by this data incident,” the spokesman emphasised.
“In line with the Protection of Personal Information Act, the bank has communicated with impacted clients and has also notified the appropriate regulatory authorities. If a client has not been contacted by the bank, they have not been impacted by this data incident.”
Disciplinary process
The bank said none of its systems has been compromised. “The investigation will inform the steps that will be taken against the implicated staff member, guided by the bank’s internal disciplinary processes and regulatory requirements, including the Labour Relations Act and the Protection of Personal Information Act,” it said.
“The protection of our clients’ information is of the utmost priority, and as part of our ongoing commitment to clients, we continuously enhance security protocols and monitoring. Standard Bank apologises for any distress that this incident may have caused our clients,” the spokesman said.
Read: Standard Bank’s massive cybersecurity team
In the letter seen by TechCentral to the affected client, Standard Bank said it was “conducting a comprehensive investigation to understand the full scope of the incident”. It also said it was “reviewing and enhancing” its “data handling and privacy policies to prevent future occurrences” and “providing support and guidance to affected clients to mitigate against any potential risks”. – © 2024 NewsCentral Media
Don’t miss:
Standard Bank warns ‘vishing’ fraudsters are targeting the elderly