QSure, an insurance company that operates in South Africa, reported a data breach that happened sometime between May and June this year. As a result of the incident, bank account details and other sensitive information were stolen by unidentified hackers, according to Money Web.
QSure enlisted the help of three leading cyber security firms to investigate the incident. The company also said that it alerted the appropriate regulatory authorities.
Any QSure client who made debit card payments may have been affected by the breach. The stolen data may include such banking details as the account holder name, bank account numbers, and bank branch codes.
Ian du Toit, the chief operating officer of QSure, said that the company only has data on its policyholders.
“The data relates only to policyholders who are clients of QSure’s customers (insurers and brokers) and includes banking details, limited to the account holder name, bank account numbers and bank branch codes. No policyholder identity numbers, credit card details, any form of contact details, or policy content are kept on QSure’s database and therefore could not be compromised,” Chief operating officer Ian du Toit stated.
Around June 9, QSure servers have been the subject of strange activity, and as a precaution the company has stopped all external connections and resumed operations in a fully protected environment. A security breach at the insurance company was disclosed publicly on June 17 when another insurance company Hollard alerted its impacted customers about the personal information leak.
QSure did not mention whether it knows the identities of the persons responsible for the incident. It did not respond to the media’s inquiries about how their systems were compromised and what steps were taken to secure their systems.
Hollard only noted that the information that was stored on the database could have been accessed by unauthorized individuals. This information could include the account holder’s names, account numbers, and branch information.
Hollard advises its clients to be suspicious of all electronic communications, including text messages and e-mails, which are requesting personal information and never give away PINs and passwords.