Cyber Incident Victim: Momentum Metropolitan
Date:
Aug 2020
Location:
South Africa
Summary
A financial services group experienced a cybersecurity breach where a third party unlawfully accessed a limited portion of administrative and financial data from one of its subsidiaries. The organization detected the incident, activated its IT security response plan, and engaged cyber forensic partners to investigate, confirming no client or member data was compromised. While the accessed information was not expected to prejudice stakeholders, authorities were notified, and investigations remained ongoing alongside efforts to maintain uninterrupted client services. Concurrent financial challenges unrelated to the breach, including pandemic-related market impacts and increased insurance reserves, contributed to significant projected earnings declines for the period.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On August 13, 2020, Momentum Metropolitan Holdings detected unauthorized access to its network by a third party, prompting immediate activation of its IT security incident response plan. The breach impacted a subsidiary of the financial services group, with investigations revealing access to a limited portion of data. The company implemented additional systems monitoring and reinforced IT security controls while maintaining uninterrupted client services. Momentum engaged cyber forensic partners to conduct extensive investigations into the breach's nature and scope. By August 17, 2020, the group confirmed the compromised data consisted solely of administrative and financial information, explicitly excluding any client or member records. Authorities were notified as investigations continued, though no specific regulatory bodies or law enforcement agencies were named in public disclosures. The company maintained that the accessed data posed no expected prejudice to stakeholders based on preliminary findings.
The incident occurred amid broader financial challenges for Momentum Metropolitan, which separately reported an expected 45-65% decline in headline earnings per share for the fiscal year ending June 2020. While the breach itself wasn't directly linked to the earnings decline, the company cited COVID-19 pandemic impacts as the primary driver of financial strain, including investment market losses and increased reserves for pandemic-related insurance claims. Momentum disclosed a R1.3 billion pre-tax earnings reduction attributable to pandemic effects on mortality assumptions and insurance claims, alongside unrelated R500 million property impairments and R200 million goodwill write-offs. The cyber incident's direct financial impact remained unspecified, with the company emphasizing that no client data exposure occurred and operational continuity was maintained throughout the response period. Security remediation efforts focused on containment and system reinforcement without disclosing specific technical details about attack vectors or compromised infrastructure.