Telling empowering stories, South Africans want to hear

Friday, 07 June 2024 12:12

Discovery claifies Sygnia CEO Magda Wierzycka data leak.

By Lehlohonolo Lehana.

@GettyImages.

Financial services group Discovery says the data breach has affected 20 clients and it has since appointed forensic specialists to investigate while offering support to its customers.

Magda Wiezycka one of South Africa's wealthiest women, took to social media platform X on Wednesday to lambast Discovery Insure, Discovery's short-term insurance company, saying she plans to cancel all her company's policies with Discovery over the alleged breach.

"Discovery data breach. Where is an apology?" she posted. "Where is a suggestion of what to do? I am cancelling everything I have ever opened with Discovery."

She then attached a notice she said she received from Discovery Insure, issued in terms of section 22 of the Protection of Personal Information Act, in which the insurer appears to confirm that a serious incident took place.

"In accordance with our commitment to transparency and protection of your personal information, we regret to inform you that some of your personal information was shared without your prior consent with an unauthorised third party. Note that none of our systems were compromised as a result of, or due to, this incident."

According to the letter she posted, the company said it picked up an incident as part of its "proactive and forensic screenings" where an "impersonator called into the Discovery Insure call centre requesting your policy schedule".

"A detailed investigation revealed that the imposter most likely obtained personal information from historical third-party data breaches, including credit bureaus (2020), messaging platforms (2024) and other data-scraping techniques."

The impersonator used this information to pass Discovery Insure's identification and verification screening and as such the policy schedule was obtained.

"We have reported this to the Insurance Crime Bureau, Sabric (the South African Bank Risk Information Centre) and appointed forensic specialists to continue ongoing screening, Discovery explained."

"We identified 20 instances where the impersonator passed the verification process," it said.

"We take our responsibility in respect of data privacy incredibly seriously, which is why we proactively alerted clients who were targeted and offered support, including personal security consultations, and we also appointed forensics specialists to continue ongoing monitoring."

South Africa has experienced several data breaches and cyber attacks over the past five years, including data breaches at two large credit bureaus, Experian and TransUnion, with large amounts of personal information compromised.

Attacks at public institutions include the Department of Justice, state-owned Transnet, the Companies and Intellectual Property Commission (CIPC), which holds the personal details of thousands of companies in South Africa and – most recently – the International Trade Administration Commission (Itac).