An unauthorised third party, whose identity remains unknown, accessed clients’ personal information on the company’s customer relationship management system.
Real estate giant Pam Golding Properties has announced that it has suffered a data breach of its customer relationship management system hosted on its servers in South Africa.
The company said the incident occurred last Friday and involved an unknown third party that gained access to its systems through a user account.
“This information pertains to some of our clients. It is important to note that no banking details, financial information, commercial information and/or other documents were compromised.”
Protection of personal information
Pam Golding said as soon as it became aware of the security compromise, it took immediate action to secure our systems and removed all unauthorised access.
“While investigating the impact of this incident, we also immediately began implementing steps to contain the incident and prevent any further compromises.
“We have notified affected clients/parties of the compromise in terms of the Protection of Personal Information Act and reported details of this matter to the Information Regulator as required by law. We have also reported it to the South African Police Service, and a case number has been allocated,” Pam Golding said.
ALSO READ: Critical aviation and marine services ‘interrupted’ by SA Weather hack
Data breach
Pam Golding said it is taking this incident extremely seriously and is taking numerous steps to contain the incident and prevent any further recurrence.
“The affected user accounts have been secured, all active sessions have been terminated, and we have reset passwords for all our user accounts system-wide. We have reviewed all system access logs to determine the extent of the breach and identify any affected data.
“We are patching any potential vulnerabilities and reinforcing our security protocol, and implementing additional monitoring tools to detect and respond to any future potentially suspicious activity,” it said.
Pam Golding said it has also appointed independent cybersecurity specialists to investigate the incident and will “adopt any appropriate recommendations to further enhance our existing access control measures.”
ALSO READ: Average cost of a data breach in SA is R53.1m – Report
Investigating
The company said client information may have been viewed or queried as a result of the incident.
“If personal details were accessed, there is a small risk of identity fraud, although we have no evidence of misuse at this time,” it said.
Information that may have been compromised includes customer contact details and ID numbers. It said electronic copies of client documents provided to Pam Golding were not accessed or viewed by the third party.
“Accordingly, we have advised affected clients to be cautious about clicking on links and providing sensitive information, including bank Pins and user login passwords. We have cautioned them that if they suspect that a person other than one of our authorised agents is attempting to contact them or obtain their personal information, they should contact our information officer via informationofficer@pamgolding.co.za or the agent they usually deal with,” the company said.
Pam Golding said that while it is still in the process of fully investigating this incident, it will be implementing additional security measures to protect all information and to minimise the effect of this security compromise.
ALSO READ: How to stay cybersafe and avoid cybercrime when travel planning
Images are for reference only.Images and contents gathered automatic from google or 3rd party sources.All rights on the images and contents are with their legal original owners.