The Information Regulator said it has requested an urgent meeting with Liberty Holdings to get an understanding of how its data was breached by hackers at the weekend.
In a statement issued by chair Pansy Tlakula on Monday, the regular said it had written to Liberty CEO David Munro to find out how the breach occurred, its extent and the interim measures put in place to prevent any further compromises.
In addition to this, the regular wants to know what measures have been taken to inform affected data subjects of the breach to allow them to take proactive measures against the potential consequences of the compromise.
On Sunday, the insurer announced that an external party had claimed to have seized data from the firm and demanded a ransom. However, the insurer said it made no concessions to the hackers and there was no evidence that its customers have suffered any financial loss.
Liberty assured customers that they will proactively inform them individually if and when they discover they may be impacted.
Although not all the provisions of the Protection of Personal Information (Popi) Act have come into effect, the regulator has consistently encouraged private and public bodies to proactively comply with the act.
Section 19 of the act requires responsible parties to put in place measures to secure the integrity and confidentiality of personal information in its possession or under its control by taking appropriate, reasonable technical and organisational measures to prevent either loss of, damage to or unauthorised destruction of personal information or unlawful access to or processing of personal information.
South Africa has experienced a high number of material data breaches in the past few months. In addition to Liberty Holdings, there have been material data breaches at Master Deeds, Facebook and ViewFine.
Without a fully functional Information Regulator, Tlakula said, these breaches will continue to occur without sanctions provided for in the Popi Act.
These data breaches underscore the urgent establishment of the regulator, said Tlakula. — SAnews
