Momentum Metropolitan, a South African based financial services group listed on the Johannesburg Stock Exchange (JSE) in South Africa and on the Namibian Stock Exchange in Namibia, has issued a statement stating that it suffered a cyberattack. According to the financial services company, only a limited amount of data was accessed by the intruder/s during the attack.
So far the company has not disclosed any further information on the subsidiary affected nor the extent to which customers were affected by the cyberattack. All that is known so far, as per the company's statement, is that the attack was allegedly discovered on 13 August 2020.
"The Group became aware of a data breach on its network on Thursday 13 August 2020 and immediately activated its IT security incident plan, which included the implementation of additional systems monitoring and the reinforcement of its IT security. The Group’s IT teams have been working non-stop to ensure that service to clients remains unaffected," reads a statement issued by Momentum Metropolitan on 17 August 2020.
Increase in data breaches in South Africa
As each year passes, there is an increase in the number of data breaches and cyber attacks that South African organizations suffer. During June 2020, another South African organization listed on the JSE, Life Healthcare Group, reported that its IT systems suffered "a targeted criminal attack." At the time, the company which operates private hospitals in South Africa and Botswana said that the attack affected its hospital admissions systems, business processing systems, and e-mail servers.
This went on to affect its operations for several days.
With South Africa's Protection Of Personal Information Act (POPIA) only coming into effect on 1 July 2020 with a 12 months grace period, this meant that Life Healthcare Group would not suffer any fines.
Other such incidents include Liberty Group in 2018 suffering a data breach in which the hackers demanded money in return for not releasing what they claimed was 40 TB worth of data they managed to access on Liberty's systems. While on the other hand, City Power Johannesburg suffered a ransomware attack during 2019 in which the criminals demanded payment in Bitcoin before bringing the power utilities IT systems and network back up.
Ongoing investigations into Momentum cyberattack
What is interesting is not only that the company issued a statement several days after discovering the attack but despite acknowledging that some data was accessed, Momentum Metropolitan has said that its investigations show that the data accessed is not expected to prejudice any stakeholders, including clients However, this cannot be a final conclusion until an independent investigation by a body such as the Information Regulator of South Africa has been conducted.
"In conjunction with cyber forensic partners, the Group has done extensive investigations into the nature and extent of the breach. Based on the investigation to date, the Group confirms that information accessed does not contain any client or member data. Information accessed contains administrative and financial data that is not expected to prejudice any stakeholders of the Group."
Momentum Metropolitan has further added that it has alerted "authorities" and that investigations into the cyber attack continue.Share this via: