E-mail repository compromised in Liberty ‘extortion’

Cybercriminals gained access to an e-mail repository belonging to financial services group Liberty and it’s this information they have used to attempt to shake down the company for millions of rand, CEO David Munro said on Sunday evening at a press conference in Johannesburg.

Liberty first revealed on Saturday that criminals had attempted to extort the money from the company in return for not releasing private information about its customers on the Internet.

“We are on top of the situation and we are working hard to protect our customers,” Munro told journalists at the group’s head office in Braamfontein. He said a criminal investigation is under way, with Liberty already working with regulators and law enforcement agencies.

He declined to say whether Liberty believes the suspects are based in South Africa or outside the country’s borders, saying that information is sensitive to the investigation.

“Since our statement yesterday, we can confirm that Liberty has been subjected to illegal and unauthorised access to our IT infrastructure. An external party has taken data from us and has demanded payment.”

The cybercriminals first contacted Liberty late on Thursday evening, Munro said. He declined to say how the company was communicating with them, again citing sensitivities. However, he said that after receiving the first communication, Liberty “immediately convened a team of security and IT specialists to investigate the incident” and “alerted the relevant authorities”.

“As soon as we were able to, we informed our customers via e-mail and SMS and sent a statement to the media. The safety and security of our customers’ information remains our top priority.”

An e-mail repository of “unstructured” data appears to have been compromised. Munro emphasised that Liberty has “full control” of its IT environment and has made “no concessions” to the attackers for “this attempted extortion”. He declined to say exactly how much the attackers wanted Liberty to pay them, though it has been reported they wanted millions of rand.

“There is no evidence that any of our customers have suffered any financial losses,” he added. “We will inform our customers individually as and when we discover they may have been impacted. No further action is required by customers at this stage.”

Munro could not say how many customers’ data are affected by the breach. However, it said it appears to be limited to its insurance operations in South Africa.  — © 2018 NewsCentral Media