Everything you need to know about the Liberty Data Breach Incident
One week after our IT infrastructure was illegally accessed, we'd like to update you on the progress of our investigation and the security measures we've put in place to ensure that all our stakeholder data is secure.
The investigation into the breach is still underway but so far much of the data stolen is what is called “unstructured data", consisting mainly of e-mails and attachments. We have still found no cases in which any of our customers have been impacted financially. We want to clarify that your policies and investments are secure.
We have full control of our IT infrastructure
We are deeply distressed by the data breach that has taken place at Liberty. Please allow me to offer our sincere apologies for the anxiety that this may have caused. We can assure you that we have regained full control of our IT infrastructure and we have deployed additional security measures. The vulnerabilities have been addressed and we are working tirelessly to make sure this doesn’t happen again.
Log in to view your policy values
I want to reassure you that our online verification processes are in place and working. Even changing your address or contact details require a number of steps and unique details. If you've enabled online servicing, please do log onto the system to view your policy values and confirm this for your own peace of mind.
Liberty did not give in to extortion
Let me make it clear that this is an act of criminality, and we made no concessions in the face of this attempted extortion. This is not to say that we have been passive! We have brought in an expert cyber-security team who are working around the clock to manage the breach and assist the authorities with this investigation.
Liberty is committed to integrity and transparency
We are very clear that we cannot retain the trust-based relationships we have with you by unnecessarily withholding information. We have called our staff and advisers together, and asked them to help us to support you at this time.
We will continue to keep you informed every step of the way and should any new information come to light we will proactively inform you on an individual basis.
We would like to inform you of the following to help you be vigilant in the protection of your data:
- Liberty will not send you an e-mail or link for you to change any of your passwords
- It is always good practice to ensure you select strong passwords and change them on a regular basis
- We also recommend that you monitor suspicious phishing emails and delete them from your email box immediately
Your frequently asked questions answered
It is important for us at Liberty to keep you informed. This is why we let you - our valued customer - know about the data breach before you heard it from anyone else.
We've collated some of the most important questions that we've received since the breach occurred and answered them to the best of our ability.
| Question | Answer | |
|---|---|---|
| 1 | What was the nature of the breach? OR What is the scope of the breach? What details have been hacked? |
Liberty was subject to an illegal and unauthorized access to its IT infrastructure, which was largely email and attachments. |
| 2 | What have you done to address the data breach? | As mentioned we immediately deployed a world class team who (a) identified and addressed the vulnerability in our system; (b) we have contacted all of our customers by SMS and/ telephonically on Sunday, 17 June 2018, to reassure them that we are doing everything possible to protect their data; and (c) we reported the attack to the relevant authorities. |
| 3 | What measure have you taken to ensure that all personal information is safe? | Liberty specialist teams immediately began investigating the incident, prioritising the protection of customer details and the security of the company’s IT systems. No resource has been spared in responding to this situation. We have assembled a huge team of technology and security specialists that have world class skills specialising in incidents such as these. We immediately identified and addressed specific vulnerabilities that our IT infrastructure may have had, ensuring the integrity of our customer data. Our team of IT and security personnel have devoted all their efforts around the clock to ensure that we live up to our duty of care to protect our customers and their details. |
| 4 | Will customers’ policies be impacted? | At this stage, there is no evidence that any of our customers have suffered any financial losses. Our IT environment has been fully secured. |
| 5 | Is customer data now safe? | Yes. We have addressed the vulnerability in our systems and we have been given strong assurances that our systems have been secured. We’re confident that our customer data is now safe. |
| 6 | Is the Liberty IT infrastructure now secure? | We have done all we can to ensure the security of our IT infrastructure. However, we live in a world of highly sophisticated criminals, whose methods evolve at an equal pace, as the technology built to protect data from them. We continue to evolve our systems to protect our customers. |
| 7 | How will customers know whether they have been impacted, what should they do? | Liberty commits to providing regular updates on the investigation process and will be contacting customers individually if they have been impacted. |
| 8 | Who can I contact with my concerns and queries about this incident? | We encourage you to contact our call centre on 0860 456 789 or email info@liberty.co.za . Please have your ID number or policy number on hand. |
| 9 | Liberty has confirmed that email data has been stolen. What implications does this have for customers? | As the data taken was contained in emails, it was unstructured data (not indexed in any way). We are therefore still going through the data to determine which customers are affected and to what extent. We are working with the authorities and are at an advanced stage of the investigation, and we will deal with the situation as we uncover information. Again, we commit to contacting affected customers directly. |
| 10 | Is there an internal investigation or have other authorities been brought in to intervene/investigate? | Both. We are at an advanced stage of investigating the extent of the data breach and we are working closely with all relevant authorities. |
| 11 | Has Liberty made any progress in its investigations? | Liberty is at an advanced stage of investigating the extent of the data breach, which at this stage seems to be largely emails and possibly attachments. Any further updates in this regard will be given as soon as more facts emerge. |
| 12 | What steps will be taken against the perpetrators? | Liberty is working closely with all relevant authorities. |
Comments
Here’s the link to Comparitech findings - http://compari.tech/data-breaches Report Abuse