According to reports, in December 2018, the culprits covertly printed out the bank’s master key in plain text, stealing approximately USD 3.35 million from beneficiaries who receive social grants every month. It appears that the master key was exposed in July 2018 during a data center move.
The attackers could have also accessed the bank’s systems, editing account balances, and resetting or filling up Postbank cards. By December 2019, bank officials registered around 25.000 fraudulent transactions in their system. Between 8 million and 10 million cardholders were affected and, besides stealing funds from their accounts, the bad actors could have also exfiltrated the personal information of an additional 1 million customers.
The cost of replacing the affected cards is USD 58.7 million, and bank officials have yet to confirm if grant beneficiaries who were affected by the fraudulent acts will be reimbursed for their loses. In September 2019, South Africa’s Reserve Bank provided an 18-month deadline for Postbank to replace the 12 million compromised cards. The bank also prohibited contactless offline transactions for cardholders within the same timeframe.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now