The Postbank is having to replace about 12 million bank cards at a cost of R1 billion after a major security breach that exposes the personal data of millions of social grant beneficiaries and other account holders, the Sunday Times reported yesterday.
The report says the breach resulted from the printing of the bank’s encrypted master key in plain, unencrypted digital language at the Postbank’s old data centre in the Pretoria city centre.
According to a number of internal Postbank reports, the master key was then stolen by employees.
The master key, a 36-digit code, allows anyone who has it to gain unfettered access to the bank’s systems, and allows them to read and rewrite account balances, and change information and data on any of the bank’s 12-million cards.
Those who have been affected by the breach include between eight million and 10 million beneficiaries who receive social grants from the Postbank every month.
According to the Sunday Times , about one million more Postbank account holders have also been affected. Their personal data is now in the hands of the “criminals” who stole the master key.
An internal Postbank financial crime overview report, dated December, which the Sunday Times also obtained, shows that between March 2018, three months after the master key was generated and December 2019, the bank recorded about 25 000 fraudulent transactions in which R56 million was stolen from grant beneficiaries.
This money was stolen from social grant cards.
Source: itweb, sundaytimes