While it is unclear what information was taken from Liberty Life’s email server by hackers‚ some details contained in the emails could be used to commit crime‚ computer forensics company Cyanre CEO Danny Myburgh warned on Monday.
Liberty announced at the weekend that criminals had hacked into an email server. Currently‚ it believes recent e-mails and attachments from its insurance business in South Africa had been accessed.
Commenting on any possible threat to Liberty’s customers‚ Myburgh said the extent of the risk to the customers depended on what information was stolen.
He said if there was customer contact information and where a person’s medical status was provided‚ there could be risks to the customer. “Remember it is not only the communication between the insurer and the insured‚ but some medical information that was given by the customer to the insurer to determine the price of cover‚” Myburgh said.
Myburgh said there could also be customers’ bank accounts in that communication. “This information can be used for identity theft purposes and to perpetrate crimes against that person.
“A person who obtains personal information about a customer could claim to be a service provider for future transactions.
“The person who stole the information can extort the company or individual with that information‚” Myburgh said.
Myburgh said one of the concerns after the reported theft is that although the breach was detected and stopped‚ it remained of interest how the information that had been stolen would be used in the next two months.
He said for the police and Liberty the success rate in tracking the person or persons who hacked into the email server depended on how well the hackers covered their tracks.
Liberty CEO David Munro told a press conference at its offices in Braamfontein‚ Johannesburg‚ on Sunday evening that a large team of IT and security specialists had been investigating the breach of its IT infrastructure from Thursday.
“There is no evidence that any of our customers have suffered any financial loss.
“We will proactively inform our customers individually if and when we discover that they may have been impacted. No further action is currently required from our customers.”
Liberty said the cyber attack had not spread to Stanlib‚ nor to its businesses outside South Africa.