Pam Golding confirms data breach in SA

Property giant Pam Golding has confirmed its systems were breached last week, once again exposing the data of ordinary South Africans held by a corporate entity. 

“Pam Golding Properties sincerely regrets that we have experienced a cyber incident that resulted in unauthorised access to some of the personal information stored on our customer relationship management (CRM) system hosted on our servers in SA,” the property company said in a statement. 

According to the company, on March 7 an unknown third party gained unauthorised access to its system using a user account.

This information pertains to some of the company’s clients.

Pam Golding tried to reassure clients “no banking details, financial information, commercial information and/or other documents were compromised”.

Affected clients were notified as per the Protection of Personal Information Act (Popia), the breach was reported to the Information Regulator and a case opened with the SA Police Service. 

This adds to the growing number of organisations that have been breached. Worryingly, many of these incidents go unreported or undisclosed, an issue the regulator has sought to improve using the Popia. 

Cybersecurity firm Check Point Software Technologies recently reported that online attacks on digital infrastructure, systems, organisations and consumers cost SA 1% of its GDP. 

Check Point said SA had 3,312 attacks weekly on government entities and had seen a 90% surge in ransomware

This would amount to about $3.8bn (R69bn), using World Bank figures for 2023.

Estimates on the effect of cyberattacks, however, vary greatly. In early 2023, the Council for Scientific and Industrial Research (CSIR) estimated cybercrimes cost SA about R2.2bn/year.

One of the biggest reasons for the variations lies with an unwillingness by organisations — public and private — to admit when they have been breached, for fear of reputational damage or loss of trust by customers. 

“We are taking this incident extremely seriously and are taking numerous steps to contain the incident and prevent any further recurrence,” the real estate company said. 

“The affected user accounts have been secured, all active sessions have been terminated, and we have reset passwords for all our user accounts system-wide. We have reviewed all system access logs to determine the extent of the breach and identify any affected data.

“We are patching any potential vulnerabilities, reinforcing our security protocol and implementing additional monitoring tools to detect and respond to any future potentially suspicious activity.”

Independent cybersecurity specialists have been appointed to investigate the incident. 

Pam Golding has not stated the possible cost of the breach. 

According to insurer Allianz Commercial, SA ranks 14th for the highest average in insurance claims associated with data breaches and cybercrime.

The October 2024 report by the Allianz unit indicates that insurance claims involving cybercrime have risen in the past year, due largely to an increase in data and privacy breaches.

The cost of claims involving data breaches in SA reached $2.78m (R49.05m) in 2024, it said. The US had the highest average at $9.36m, followed by the Middle East ($8.75m), Benelux ($5.90m), Germany ($5.31m) and Italy ($4.73m).

Allianz Commercial warned that this was likely to get worse as cybercriminals harnessed AI and other advanced technologies.

gavazam@businesslive.co.za