JOHANNESBURG – Credit bureau Experian accidentally handed over personal details of about 24 million consumers and nearly 800,000 businesses to an individual it now describes as a fraudster.
This is South Africa’s largest-ever data breach.
READ: Data breach: Experian believes clients’ details on the internet
The Information Regulator has been tasked with monitoring compliance to prevent sensitive consumer information from landing in the wrong hands.
The regulator has complained of weak support and limited resources.
READ: Be careful of suspicious requests, banks warn after Experian data breach
The additional provisions to the Protection of Personal Information Act (POPIA) act were put in place in June and will come into effect in 2021, giving enforcement powers to the regulator including the ability to levy fines of over R10-million and the ability to pursue criminal prosecution.
The new legislation is aimed at ensuring companies have adequate security measures when dealing with private information.
Advocate Pansy Tlakula said the regulator has met with Experian management several times and contracted a forensic analyst to review the investigation into the company’s internal investigation of the breach.
Get your CompTIA A+, Network+ White Hat-Hacker, Certified Web Intelligence Analyst and more starting at $35 a month. Click here for more details.