Cyber Incident Victim: Old Mutual

Old Mutual detected unauthorized access to one of its systems in May 2017, prompting an immediate response to contain the breach. The intrusion resulted in the exposure of personal information belonging to a limited number of South African customers, specifically their names, telephone numbers, and certain investment values. The company confirmed no transactional data, financial account details, credit card information, medical records, or passwords were compromised during the incident. Upon discovery, Old Mutual swiftly disabled the unauthorized access point and implemented enhanced security measures across its systems. Internal control processes were activated to protect customer portfolios, with the organization verifying that no clients suffered financial losses or portfolio damage. The breach timeline remains unspecified, though Old Mutual committed to notifying affected individuals by 26 May 2017.

The financial services group initiated a multi-phase response involving containment, investigation, and stakeholder communication. Affected accounts were ring-fenced as a precautionary measure, with direct outreach conducted to impacted customers alongside a broader advisory notice warning against potential fraudulent contacts. Old Mutual reported the incident to relevant regulators and collaborated with the South African Police Service (SAPS) for investigation. An intensive internal review was launched to determine the breach's root cause, with commitments to implement management actions based on findings. Security protocols were further tightened across systems, which remained under heightened surveillance following the incident. The company issued a public apology emphasizing its serious stance on the breach while assuring customers of reinforced safeguards to prevent recurrence. No additional operational impacts or data compromises were disclosed beyond the initially reported scope.