ABSA Group says Clients Data Sold to Third Party in Suspected System Breach

South Africa-based financial services group, ABSA Group has notified customers of a potential breach in which client data might have been given out by a rogue employee who works as a credit analyst at the bank.

ABSA Group which provides personal and business banking as well as wealth management services, has pointed the finger at the employee who had access to clients’ information as part of their day job.

A bank credit analyst examines the risk factors that may influence loan applications. The credit analyst also had access to the group’s risk modelling processes, the bank confirmed – which may imply some level of seniority.

The analyst sold 2% of the bank’s retail customer base – an estimated 200,00 people – to third parties. These parties may include marketing groups, who may “try to commit fraud on these accounts”.

Absa sent an email to customers on Monday informing them of the data breach. The message said that personally identifiable information (PII) belonging to clients was exposed to “external parties.”

“We regret to notify you that Absa has identified an isolated internal data leak whereby personal information of a limited number of Absa customers was shared with parties external to the bank,” the financial group said.

ID numbers, contact details, physical home addresses, and account numbers are thought to have been compromised. Absa has not revealed if any other sensitive, financial data was involved in the data leak.

It is still not known how many customers were been impacted in South Africa and also if any other country outside South Africa might have been affected.

ABSA Group has said the bank will monitor more closely for suspicious transactions in a “small” number of its client base that may have had their information stolen. If transfers are suspected of being fraudulent, Absa will ring customers to verify transactions.


Note: ABSA bank Kenya did not answer to our inquiry by the time this article went up.