The CEO of Sygnia, one of South Africa’s top asset managers, has excoriated financial services group Discovery over an apparent data breach that leaked highly sensitive client information.
Magda Wierzycka, one of South Africa’s wealthiest women, took to social media platform X on Wednesday to lambaste Discovery Insure, Discovery’s short-term insurance company, saying she plans to cancel all her company’s policies with Discovery over the alleged breach.
Update: Wierzycka may have been victim of whaling attack
“Discovery data breach. Where is an apology?” she posted. “Where is a suggestion of what to do? I am cancelling everything I have ever opened with Discovery.”
She then attached a notice she said she received from Discovery Insure, issued in terms of section 22 of the Protection of Personal Information Act, in which the insurer appears to confirm that a serious incident took place.
“In accordance with our commitment to transparency and protection of your personal information, we regret to inform you that some of your personal information was shared without your prior consent with an unauthorised third party. Note that none of our systems were compromised as a result of, or due to, this incident.”
According to the letter she posted, the company said it picked up an incident as part of its “proactive and forensic screenings” where an “impersonator called into the Discovery Insure call centre requesting your policy schedule”.
“A detailed investigation revealed that the imposter most likely obtained personal information from historical third-party data breaches, including credit bureaus (2020), messaging platforms (2024) and other data-scraping techniques.”
Private personal information
“The impersonator used this information to pass Discovery Insure’s identification and verification screening and as such the policy schedule was obtained. We have reported this to the Insurance Crime Bureau, Sabric (the South African Bank Risk Information Centre) and appointed forensic specialists to continue ongoing screening.”
According to the letter posted by Wierzycka, Discovery informed her that the following personal information was compromised: name and surname, cellphone number, e-mail address, residential address, ID number and details of items insured.
In another tweet, Wierzycka took umbrage at Discovery’s lack of an apology for the incident. “They don’t know who did it. They didn’t apologise! I am cancelling everything we have with Discovery, including Sygnia’s medical aid. Our staff details might be compromised in the same way.”
She said she plans to take the matter “to regulators” on Thursday.
“I suggest you check if you have or could be affected — I would check everything you have via Discovery. Every policy. Every investment. Medical aid. Vitality. Discovery Bank,” she posted.
In reply to another user on X, she said: “The risks of financial data breaches to such an extent (each item you insured described in detail and valued) exposes you to serious personal security risks. As if I didn’t have to live with that before.”
I just received an email from DISCOVERY INSURE. They had a data breach. DISCOVERY told us they have revealed our address, contact details, IDs, every ITEM we have insured,value of everything – everything to make us a target! They don’t know who did it. They didn’t apologize!
I…
— Magda Wierzycka (@Magda_Wierzycka) June 5, 2024
Discovery South Africa’s official X account responded late on Wednesday to another X user – not directly to Wierzycka – posting: “Please allow us to clarify. This incident affected less than 20 Discovery Insure clients who received individual communication on 17 May and 5 June, outlining the event and offering support, including personal security consultations and physical premises security assessments.” — (c) 2024 NewsCentral Media