Be very careful online, an expert has warned Liberty Holdings clients. The financial services giant fell prey to hackers, who demanded a ransom and threatened to release company clients’ personal information.
While Liberty has claimed that it does not believe any of its clients were affected financially, IT industry analyst and TechCentral editor Duncan McLeod said there were steps customers could follow in case their personal information was publicised.
“If your personal information is with Liberty, there is a possibility that it will be in the public domain,” McLeod said.
“You have to be much more cautious when you are online. Beware of phishing attempts, and look out for suspicious SMSes or e-mails. If you get e-mails from Liberty or other companies, always check the address to make sure it looks legitimate.
“I don’t know if passwords were accessed, but the most crucial mistake people make is having the same password on everything. Never ever use the same password to access different services; make sure that every single one is different, and the best way to ensure this is to make use of a password manager,” he added.
On Saturday night, Liberty sent an SMS alert to its clients informing them of a data breach, which it labelled an act of criminality and extortion. While it had informed authorities of the breach, yesterday it said it was in the advanced stages of its own investigation.
While Liberty chief executive David Munro claimed the company was in control of its data infrastructure, the company was castigated by cybersecurity company Ukuvuma Security yesterday.
It said: “Liberty claims that it is in control of its technology and data infrastructure after a massive data breach, but the fact that hackers could extract data undetected is alarming.”
McLeod said that such occurences were not uncommon, and that any company could fall victim to breaching of data. South African companies were not more or less exposed to such attacks than in other countries, he said.
“Companies also generally applied the same information security techniques and rules as those in the international markets.
“It can be done by anyone with an unattached computer somewhere, who is able to find where there is a vulnerability.
“We need to pay very close attention to information security, it is something that should be discussed in boards and dealt with at CEO level and also, there has to be a plan in place in every company for when a company experiences an attack like this. If you do not have a plan, it will be much more difficult to plan what to do next. It is crucial for companies to have their own information breach plan.”