PostaBank replaces 12 mln bankcards after data breach

Tuesday 23 June 2020 10:41 CET | News

South Africa-based Postbank has suffered a data breach, forcing the institution to replace 12 million bankcards after rogue employees stole its 36-digit master key.

According to reports, in December 2018, the culprits covertly printed out the bank’s master key in plain text, stealing approximately USD 3.35 million from beneficiaries who receive social grants every month. It appears that the master key was exposed in July 2018 during a data center move.

The attackers could have also accessed the bank’s systems, editing account balances, and resetting or filling up Postbank cards. By December 2019, bank officials registered around 25.000 fraudulent transactions in their system. Between 8 million and 10 million cardholders were affected and, besides stealing funds from their accounts, the bad actors could have also exfiltrated the personal information of an additional 1 million customers.

The cost of replacing the affected cards is USD 58.7 million, and bank officials have yet to confirm if grant beneficiaries who were affected by the fraudulent acts will be reimbursed for their loses. In September 2019, South Africa’s Reserve Bank provided an 18-month deadline for Postbank to replace the 12 million compromised cards. The bank also prohibited contactless offline transactions for cardholders within the same timeframe.

More: Link

Free Headlines in your E-mail

Every day we send out a free e-mail with the most important headlines of the last 24 hours.

Subscribe now

Keywords: South Africa, Postbank, banks, cards, security, data, fraud, Reserve Bank, transactions
Categories: Fraud & Financial Crime
Countries: South Africa
This article is part of category

Fraud & Financial Crime