Experian recently experienced a data breach, which they claim has been contained, but it appears that it has not been. The breach exposed the personal information of 24 million South Africans, 800,000 business, and the bank accounts of 25,000 firms. The credit information company claim to have seized and deleted all data, but it appears that on the contrary to this, the lost data has actually been enriched as ID numbers have been linked to phone numbers, employee numbers, bank accounts, and home addresses, making individuals and companies involved in the breach extremely vulnerable.
Since the incident, the Information Regulators have suggested that class action cases should be taken against Experian to sue for the losses, as the office cannot do anything to protect those involved in the incident as the Protection of Personal Information Act (Popia) is not yet in full effect.
The Chief Executive of Experian South Africa, Ferdie Pieterse, says that there is no evidence of the data being for sale on the internet or the data has been used for fraudulent purposes according to their Global Security team. However, an investigation by Troy Hunt found that enough personal data has been released for identity theft to be carried out and to facilitate financial transactions, as the leaked data contains credit or financial information.