Skip to content

Experian Announces Major Data Compromise in SA

Experian has recently issued a press statement admitting that it handed over personal and company data to an individual claiming to represent a well-known company. This process took place in May, and according to Experian once it realised that it had been duped by the scammer it approached SAPS which arrested the person and seized his PC and hard drives. Experian claims that the data was all publicly available and that therefore the public has little to worry. SABRIC and the banks, however, seem to disagree. The data of about 24 million South African consumers and 793 749 businesses was compromised. Experian is a credit bureau, which carries not just the identities, addresses, phone and email addresses of consumers, but also other data, such as the name of their bank, insurances, and any outstanding or past debts, and their credit scoring.

Although this is an issue covered by the POPIA, it is uncertain at present if the Information Regulator (IR) has a role. If this is the case, the IR can demand that Experian takes specific action to limit the damage, including informing each individual and company whose data was compromised, rather than just sending out a general press release. The IR also has the right to fine the company and to start a criminal case if the data is sensitive. The victims could also take a class action against the company for failing to ensure their data was properly secured. Experian has stated that there is no evidence that the scammer had passed on the compromised data to other criminals. However, since the scammer had 2 months to monetize the data he had been given, it unlikely that the data was not sold on to the international criminal organisations that specialize in stolen data. In theory, individuals have the right to ask Experian if it carries any data on them and to ask for that data to be deleted or corrected. However, credit bureaus are notoriously unwilling to accord consumers their rights under data privacy laws. This case should provide the IR with the ammunition to force the credit bureaus to be transparent and apply POPIA.

Posted in

Alastair Tempest

1 Comment

  1. Kisha Donahoe on Nov 21, 2023 at 6:38 pm


    An impressive share! I have just forwarded this onto a colleague who was conducting a little research on this. And he actually ordered me lunch because I discovered it for him… lol. So allow me to reword this…. Thank YOU for the meal!! But yeah, thanks for spending the time to discuss this subject here on your web site.

    Best Regards

Leave a Comment

Become a member

Join the Ecommerce Forum South Africa and benefit from industry insights in South Africa and Africa.

Sign up to newsletter

Sign up to our newsletter and stay informed of the progress we are making at the Ecommerce Forum South Africa with government during Coronavirus.