On Monday, Arthur Goldstuck, MD of World Wide Worx pressed Liberty Holdings customers to change any bank account or other system details that have the same passwords as their Liberty accounts.
At a press conference on Sunday evening, Liberty admitted to a third party data breach on Saturday night but that no customers had yet been financially impacted.
Goldstuck said the breach of Liberty’s client information is the largest hack of a financial institution in South Africa, noting that it was "a little concerning" that it took the company two days to admit the breach to the public and clients.
According to Fin24, Goldstuck said by phone that the perpetrators of the breach had threatened to release confidential information of Liberty clients to clients of their own on the 'dark web' – a haven on the internet for many criminals and illegal activities, which requires specific software to access.
Goldstuck suggests that people buying this information will want to retrieve as much of Liberty’s customers’ personal data, such as policy documents and their log-in details for their Liberty accounts. He says that, because people typically use the same password across multiple accounts, their transactional banking accounts could be at risk.
The attackers have warned Liberty that should they not meet their demands for money, the information will be released incrementally to the dark web. No figure has been disclosed by Liberty as yet and they have denied any payments have been made.
Liberty said in a statement on the JSE newswires on Monday morning that any client whose information had been impacted would be informed in due course and that no further action would be required from policy-holders.
Liberty's website claims it offers asset management, investment, insurance and health products to 3.2 million people across Africa.
Goldstuck urged the company to be "fully transparent" about all the details of the breach.
"Liberty is guarded about the nature and other details of the hack, saying only the breach is subject to a police investigation.
"There is speculation that there was inside involvement. It appears [they] had access to the entire server [so] it seems unlikely it was external," said Goldstuck.
At Sunday's press conference, Liberty Holdings CEO, David Munro, said that authorities requested the financial institution to investigate whether the breach was an inside job or not, while police also investigate this possibility.
Apparently, all the emails affected were from Liberty's insurance division but, due to police investigations, he was unable to provide further details, including whether the hack had taken place inside or outside South Africa, or how many clients were impacted.
Goldstuck added that financial institutions were particularly vulnerable to data attacks. "Banks are fighting an ongoing war against hackers… it’s astonishing that there aren’t more breaches."