Liberty mops up after massive data breach
In possibly the most damaging data breach case in South African history, Liberty Holdings has experienced a massive IT hack. Legalbrief reports that while the financial services company has since regained control of its IT systems, the Information Regulator has voiced concern over the ‘disturbingly high’ number of material data breaches in SA in recent months. Arthur Goldstuck, MD of World Wide Worx, said the people behind the breach had threatened to release e-mails and possibly attachments from Liberty to clients on the ‘dark web’ (which requires specific software to access, and sells mainly illegal products using cryptocurrencies). Goldstuck reportedly told Fin24 that because people typically use the same password across multiple accounts, their transactional banking accounts could be at risk. He noted that it was ‘a little concerning’ that it took the company two days to admit the breach to the public and clients. Liberty said that clients whose information had been impacted would be informed and that no further action was required from policyholders. A report on the eNCA site notes that a security expert has suggested that the breach could have been an inside job. ‘It most likely happened in one of two ways: it was either an inside job or someone with the correct privileges was hacked, which means that they could have used that person's permissions to get into the system,’ Ukuvuma Cyber Security MD Andrew Chester is quoted in the report as saying. He said the hack could have been avoided by applying general data security practices such as encrypting sensitive data, segregating it from vulnerable systems, and building in rigorous access control and monitoring systems. Business Day reports that the insurance industry holds sensitive data on millions of clients, including their banking details and medical reports.
Ian Kirk, CEO of Sanlam, one of Liberty’s largest competitors, said his IT security team was also working around the clock to prevent a similar incident at their data centres.
The Information Regulator has requested an urgent meeting with Liberty Holdings CEO David Munro to understand how its data was breached, says a TimesLIVE report. Information Regulator chairperson Advocate Pansy Tlakula also requested details of the extent and contents of the data breach, what interim measures have been put in place to prevent further breaches, and whether those affected by the breach have been informed. It is not yet clear how much information was stolen and how many customers might be affected. Munro said the company believed the breach involved recent e-mails and attachments from Liberty’s insurance business in SA. Tlakula said the Protection of Personal Information Act (Popia) has only partly come into effect, but section 19 of the Act requires companies to ensure the personal information they possess is secure. ‘South Africa has experienced a disturbingly high number of material data breaches in the past few months,’ Tlakula said. ‘Without a fully functional Information Regulator, these breaches will continue to occur without sanctions provided for in Popia. These data breaches underscore the (need for the) urgent establishment of the regulator.’ Meanwhile, Moneyweb reports that Liberty could face civil lawsuits as well as massive fines. Civil claims from aggrieved clients could potentially emerge on the basis of their right to privacy being infringed, while fines as high as R10m for each data breach incident could be levied under the Protection of Personal Information Act. The law, introduced when government realised that data breaches were a rising threat across industries, puts the onus on companies to safeguard the collection and storage of personal information.
Apart from the latest cyber threat against Liberty Life, personal information about South Africans has landed up in the wrong hands as a result of several data breaches in the past few months. As previously reported in eLaw & Management, ViewFines, a website for viewing traffic fines, suffered a data breach in May. More than 934 000 records containing 778 000 unique e-mail addresses were exposed, including names, phone numbers, government-issued identity numbers and passwords stored in plain text. A TimesLIVE report notes that the leak did not affect all licensed drivers but only those who had registered to pay traffic fines online using one or more of the sites that provided the service.