Magda Wierzycka slams Discovery over data breach


Discovery’s head office in Sandton. Image: Boogertman and Partners

The CEO of Sygnia, one of South Africa’s top asset managers, has excoriated financial services group Discovery over an apparent data breach that leaked highly sensitive client information.

Magda Wierzycka, South Africa’s wealthiest woman, took to social media platform X on Wednesday to lambaste Discovery Insure, Discovery’s short-term insurance company, saying she plans to cancel all her company’s policies with Discovery over the breach.

“Discovery data breach. Where is an apology?” she posted. “Where is a suggestion of what to do? I am cancelling everything I have ever opened with Discovery.”

She then attached a notice she said she received from Discovery Insure, issued in terms of section 22 of the Protection of Personal Information Act, in which the insurer appears to confirm that a serious incident took place.

“In accordance with our commitment to transparency and protection of your personal information, we regret to inform you that some of your personal information was shared without your prior consent with an unauthorised third party. Note that none of our systems were compromised as a result of, or due to, this incident.”

According to the letter she posted, the company said it picked up an incident as part of its “proactive and forensic screenings” where an “impersonator called into the Discovery Insure call centre requesting your policy schedule”.

“A detailed investigation revealed that the imposter most likely obtained personal information from historical third-party data breaches, including credit bureaus (2020), messaging platforms (2024) and other data-scraping techniques.”

Private personal information

“The impersonator used this information to pass Discovery Insure’s identification and verification screening and as such the policy schedule was obtained. We have reported this to the Insurance Crime Bureau, Sabric (the South African Bank Risk Information Centre) and appointed forensic specialists to continue ongoing screening.”

According to the letter posted by Wierzycka, Discovery informed her that the following personal information was compromised: name and surname, cellphone number, e-mail address, residential address, ID number and details of items insured.

Magda Wierzycka. Image: Sygnia

In another tweet, Wierzycka took umbrage at Discovery’s lack of an apology for the data breach. “They don’t know who did it. They didn’t apologise! I am cancelling everything we have with Discovery, including Sygnia’s medical aid. Our staff details might be compromised in the same way.”

She said she plans to take the matter “to regulators” on Thursday.

“I suggest you check if you have or could be affected — I would check everything you have via Discovery. Every policy. Every investment. Medical aid. Vitality. Discovery Bank,” she posted.

In reply to another user on X, she said: “This is enormous human error. My view would be that this is more likely internal fraud… The risks of financial data breaches to such an extent (each item you insured described in detail and valued) exposes you to serios personal security risks. As if I didn’t have to live with that before.”

Discovery South Africa’s official X account responded late on Wednesday to another X user – not directly to Wierzycka – posting: “Please allow us to clarify. This incident affected less than 20 Discovery Insure clients who received individual communication on 17 May and 5 June, outlining the event and offering support, including personal security consultations and physical premises security assessments.”

TechCentral has reached out to Discovery for further comment.  — (c) 2024 NewsCentral Media

  • This is a developing story

Read next: Dropbox suffers major security breach





Source link

Leave a Reply

Your email address will not be published. Required fields are marked *