Cyber criminals take the Liberty of helping themselves to client info
So how worried should we be about the Liberty cyber hack? Wendy Knowler wades in on that hack.
Listen to this week's Consumerwatch with Wendy Knowler below, or read the details under the podcast.
As Liberty’s chief executive David Munro said at a media briefing a few days ago: every enterprise in the world faces the continuous escalation of such cyber attacks and the ever-increasing sophistication of the criminals.
I was among those - Liberty is not saying how many of us there are - who got that alarming SMS just after nine on Saturday night.
“Dear Valued Customer, Liberty regrets to inform you that it has been subjected to unauthorised access to its IT infrastructure, by an external party, who requested compensation for it.
“Since becoming aware, we have taken immediate steps to secure our computer systems.”
Translation: “We’ve been hacked, and now they are blackmailing us…” and “But we aren’t going to pay.” The plot of many a movie was suddenly very real.
And David Munro got to play the starring role in front of the cameras the next day.
The plot so far:
What happened?
According to Munro, the hackers got hold of Liberty on Thursday night with the news that they’d accessed client data and demanded payment, failing which they’d go public with it.
The client date was restricted to recent emails and attachments sent to clients, he revealed. In my case, that would be the anniversary letter I got in February - in other words, a notification that my insurance premium was going up in March.
The Sunday Times, quoting sources with “intimate knowledge” of the situation, said the unknown hackers demanded payment of millions of Rands, failing which they would start releasing some of the information in their possession to the public.
On Monday, an anonymous post was made to the website Pastebin by those claiming to be behind the hack, claiming that 40 terabytes of data had been stolen in the hack.
Cybercrime expert Jacques van Heerden said South Africans “should be terrified”. Great.
Munro declined to comment on that post, saying Liberty continued to “evolve our systems to protect our customers”.
"We continually evaluate our IT security systems in line with global best practices.”
And that they’re at an advanced stage in investigating the extent of the data breach.
What it's not:
Liberty has been at pains to say that there’s no evidence of any customers suffering any financial loss and that if that were the case, they’d be contacted individually. So no news is good news, I guess.
How did it happen?
Cybersecurity experts are saying it was either an inside job or someone with the correct privileges at Liberty was hacked, which means that they could have used that person's permissions to get into the system.
The fall-out:
Liberty’s share price fell almost 5%, and Liberty customers, in particular, are feeling very vulnerable. We don’t know who the hackers are or what they are capable of.
My most recent SMS from Liberty, on Tuesday afternoon, advised me to “be vigilant in the protection of your data”.
"Liberty will not send you an email or link for you to change any of your passwords.
“It is good practice to ensure you select strong passwords and change them on a regular basis.”
To be continued…
*To get in touch with Wendy, email her via her Facebook page - wendyknowlerconsumer. Use the email button.
Also read: Liberty Group rocked by cyber attack