David Munro: Picture: FREDDY MAVUNDA
David Munro: Picture: FREDDY MAVUNDA

The life insurance industry is on high alert after the cyberattack and blackmail attempt on insurer Liberty. The firm had regained control of its IT systems by Sunday.

The insurance industry holds sensitive data on millions of clients, including their banking details and medical reports. Life offices often operate with many different computer systems.

Liberty dispatched a large team of IT and security specialists to investigate the breach of its IT infrastructure on Thursday. Its CEO, David Munro, said on Sunday criminals had hacked into an e-mail server and removed some recent messages, and possibly some attachments. There was no evidence that client data files had been taken, Munro said.

The hacking affected the core Liberty insurance business and did not spread to the group’s asset manager Stanlib or to its businesses outside SA.

Munro said he did not believe any Liberty customers would suffer from financial loss because of the cyberattack.

He would not confirm or deny if there had been inside help in the cyberattack, as a criminal investigation was under way. And he could not say whether the criminals were operating from inside or outside the country.

Sanlam CEO Ian Kirk, one of Liberty’s largest competitors, said his IT security team was also working around the clock to prevent a similar incident at their data centres.

“We have been given a lesson that cybercrime will become more frequent as digital commerce develops,” Munro said. But he was adamant that the task force the company had assembled had secured the group’s IT infrastructure.

Liberty clients woke up on Sunday morning to read e-mails and SMSes from the company, explaining that it had been subject to “unauthorised access” of its IT infrastructure.

The firm’s head of public affairs, Sydney Mbhele, confirmed that an external party claimed to have seized data, alerted the group to potential vulnerabilities in its IT systems and demanded payment. Munro said no concessions had been made to the criminals and Liberty would not meet their ransom demands.

Toby Shapshak, editor-in-chief of Stuff magazine, said there was no excuse for a financial institution to allow cyber criminals to break in so easily.

“There needs to be a multipronged approach to protection, like we have in our houses — walls, electric fences and burglar bars. In particular, data needs to be encrypted properly.”

Shapshak said that many more cyberattacks never got reported, or even detected. Typically, the identities of a few people were stolen and then sold on the black market.

“But the second category is when the attackers hack in so that they can quite publicly extort money from the target,” he said. “Embarrassing the organisation can also be a perk.”

But Shapshak said hacks such as these could often take months to organise and should not be confused with data breaches, where amateur hackers have been able to break into insecure databases.

The worst of these was the Masterdeeds series of leaks, which included the personal information of 60-million people — some of them dead.

The information was put on an unsecure site by Jigsaw Holdings, which owns estate agents such as Realty One and ERA.