Discovery has said a targeted scam that led to the leak of personal information belonging to Sygnia CEO Magda Wierzycka affected 19 of its clients.
TechCentral reported earlier on Thursday that Wierzycka – one of South Africa’s wealthiest women – had taken to social media platform X to excoriate Discovery over what she called a “data breach” that disclosed highly sensitive personal information, including her residential address and details of her insured items.
She said she would cancel every policy she held with Discovery over the incident, and over the company’s alleged failure to apologise to her for what happened. She said such leaks expose victims like her to “serious personal security risks”.
But Discovery Insure has now responded to Wierzycka’s criticism, saying the scammers are not only targeting its clients, but clients of insurance companies across the industry.
“Through Discovery’s audit and forensic screenings, we detected a scam where an impersonator called the Discovery Insure call centre requesting the policy details of Discovery Insure clients,” Discovery said in e-mailed response to questions from TechCentral on Thursday. “We identified 19 instances where the impersonator passed the verification process.”
Phone-based customer verification procedures involve a financial services provider such as an insurer or a bank asking the calling customer a series of questions that are assumed to be so personal that only the account or policyholder would know them.
If these questions are answered satisfactorily, the service provider then fulfils requests by the customer, such as reversing a debit order from their bank, or, in Wierzycka’s case, providing more information regarding a policy.
Whaling
Discovery is uncertain about how the scammer obtained information regarding its customers, although previous data breaches of credit bureaus and messaging platforms have been identified as a likely source.
“The impersonator most likely obtained personal information from historical third-party data breaches, outside of Discovery, and used the personal information to attempt to pass Discovery Insure’s identification and verification screening,” said the company, which has emphasised that its IT systems were not compromised through a hacking incident.
Discovery, not surprisingly, did not share the names of the other 18 victims. But Wierzycka’s high profile hints at a sophisticated type of scam called “whaling”, in which the targets are ultra-wealthy individuals such as corporate executives or business owners.
Discovery said it has reported the incident to the Insurance Crime Bureau (ICB), the South African Banking Risk Information Centre and the Information Regulator (as required by law). According to Discovery, the Insurance Crime Bureau has flagged the scam as an industry-wide phenomenon, targeting short-term insurers.
TechCentral contacted the ICB, but the bureau was not immediately available for comment. – © 2024 NewsCentral Media