Cyber Incident Victim: Absa
Date: Oct 2020
Location: South Africa
Summary
A South African financial services group experienced a data breach when a trusted employee, a credit analyst, illicitly sold the personal information of 200,000 retail clients to third parties. The compromised data included identification numbers, addresses, contact details, and descriptions of financed vehicles, though financial credentials like PINs remained secure. After discovering the breach, the bank delayed public disclosure to protect ongoing legal proceedings, during which court-ordered operations located and erased all stolen data from devices. The bank indicated purchasers might attempt fraud using the exposed information. This incident followed another major breach affecting multiple financial institutions' customers in the same region.
Description
The incident at Absa Bank, discovered on October 27, 2020, involved an employee illegally selling the personal data of 200,000 retail clients—representing 2% of the bank’s customer base. The employee, identified as a credit analyst with authorized access to risk-modeling processes, exploited their position to extract and transfer sensitive information to third parties. Exposed data included client ID numbers, physical addresses, contact details, and descriptions of vehicles purchased through Absa’s financing services. Financial credentials such as PIN codes and passwords remained uncompromised. Absa’s Group Chief Security Officer, Sandro Bucchianeri, characterized the perpetrator as a trusted individual whose job responsibilities legitimately required access to the stolen data. The bank initiated an internal investigation upon discovery and secured court orders to execute search-and-seizure operations at multiple locations suspected of harboring stolen data.

Absa delayed public disclosure of the breach for one month to avoid interfering with ongoing legal proceedings. During this period, law enforcement recovered all devices containing the stolen customer information, which Absa confirmed were wiped clean of sensitive data. Bucchianeri warned that third parties who purchased the data might attempt to commit fraud against affected accounts. The incident occurred shortly after a separate August 2020 breach at credit bureau Experian, which exposed records of 24 million South Africans and 793,749 businesses, including customers of Absa and four other major banks. While the Experian breach involved broader demographic data (names, IDs, phone numbers, addresses, emails), Absa’s incident was distinguished by its insider origin and the specific inclusion of vehicle financing details. No technical system vulnerabilities or external attacker tactics were cited in Absa’s disclosures.
