Magda Wierzycka is furious, after Discovery leaked some of her personal information to scammers. Less than 20 other clients were impacted, Discovery said. (Supplied)
- Discovery leaked the personal information of less than 20 of its customers to phone call scammers, including residential addresses and policy details.
- Sygnia co-founder and CEO Magda Wierzycka was one of the users impacted, and she took the matter to public media on Wednesday night.
- The company said an “impersonator” used information released in former data breaches to bypass Discovery’s customer verification systems.
- For more financial news, go to the News24 Business front page.
Sygnia CEO Magda Wierzycka is furious after her Discovery Insure policy information, and that of around 20 other Discovery users, was leaked by the company to phone call scammers.
Wierzycka, who is also the cofounder of the asset management firm, received communication from Discovery that some of her personal information had been given to a third party without her consent.
This apparently came after a scammer managed to bypass Discovery’s identification and verification screening process, likely using information from historical third-party breaches to do this.
Discovery said in a letter to Wierzycka, which she shared on X late on Wednesday 5 June, that “it picked up an incident where an impersonator called into the Discovery Insure call centre requesting your policy schedule”.
Wierzycka said she would cancel every Discovery product she has ever owned.
She wrote on X:
Discovery data breach. Where is an apology? Where is a suggestion as to what to do? Anything. I am canceling everything I have ever opened with Discovery. How does a company reveal your personal and insurance details via a phone? Does someone email it? Do they read out the details? Item by item?
Once a company’s data breach has been hacked, it is common for the information that was obtained to be released on the dark web for other nefarious actors to buy and use to perpetrate crimes.
The personal information, such as email addresses, passwords, contact numbers and residential addresses, of millions of South Africans are sitting in folders that bad actors have access to. This sort of information is used by most companies to verify the identity of customers before providing access to services.
One of the worst data breaches in recent years was from the credit bureau Experian, where the personal information of 24 million South Africans in 2020.
EXPLAINER | Experian data breach: What are credit bureaus and why they collect your data?
In a post in a thread under Wierzycka’s post Discovery said that less than 20 of its customers had been affected by this breach at this stage, detected as part of forensic and audit screenings.
Discovery said that affected clients have been notified of the breach between 17 May and 5 June, adding:
We take our responsibility in respect of data privacy incredibly seriously, which is why we alerted affected clients to take precautions.
The company clarified that its systems have not been affected in the breach.
News24 reached out to Discovery for more clarity on the matter, but the company did not immediately respond.
News24 also sent questions to the Information Regulator to confirm whether Discovery reported the breach to the body that enforces the Protection of Personal Information Act. No immediate response was received.
News24 will update this article if any responses are received.
Recent Comments