| Authority: | South African Banking Risk Centre (SABRIC) |
|---|---|
| Jurisdiction: | South Africa |
| Relevant law: | Electronic Communications and Transactions Act; Fraud |
| Type: | Criminal |
| Outcome: | N/A |
| Started: | May 2020 |
| Decided: | October, 2022 |
| Published: | July 2020 |
| Fine: | N/A |
| Parties: | R vs Karabo Phungula Re: Experian Africa |
| Case No.: | N/A |
| Appeal: | N/A |
| Original Source: | South African Banking Risk Centre (SABRIC) |
| Original contributor: | MZIZI Africa |
Contents
24 million records and 793k business entities personal information was illegal accessed through social engineering.
In 2020, the Experian data breach in South Africa became what is often described as one of the largest data breaches on the African continent.
Experian is a credit reporting company. Approximately 24 million South Africans and 793,749 business entities were affected by the breach of its systems.
The data was handed over to a cybercriminal Karabo Phungula who pretended to be representing one of Experian’s clients.
Experian detected the breach on July 22 2020, more than 50 days after the data had already been transferred.
The data was subsequently discovered on the popular data transfer website “WeSendIt”.
Experian is a multinational data analytics and consumer credit reporting company, so it is assumed that banking details, credit card details, phone numbers, and residential addresses, among other sensitive data were exposed.
In October 2022, the court found Karabo Phungula guilty of illegally acquiring personal and business data from the data services firm Experian.
In March 2023, the Specialised Commercial Crimes Court in Palm Ridge sentenced Phungula to 15 years in prison for fraud and violation of the Electronic Communications and Transactions Act.