Obscure Technologies Blog

Postbank to replace 12m bank cards after security breach | ITWeb

Written by ITWeb | Jun 13, 2020 10:00:00 PM

The Postbank is having to replace about 12 million bank

cards at a cost of R1 billion after a major security breach that exposes the personal data of millions of social grant beneficiaries and other account holders, Sunday Times reports.

The report says the breach resulted from the printing of the bank's encrypted master key in plain, unencrypted digital language at the Postbank's old data centre in the Pretoria city centre.

According to a number of internal Postbank reports, the master key was then stolen by employees, says Sunday Times.

It notes that one of the reports said that the cards would cost about R1 billion to replace. The master key, a 36-digit code, allows anyone who has it to gain unfettered access

to the bank's systems, and allows them to read and rewrite account balances, and change information and data on any of the bank's 12-million cards.

Those who have been affected by the breach include between eight million and 10 million beneficiaries who receive social grants from the Postbank every month.

Sunday Times says about one million more Postbank account holders have also been affected. Their personal data is now in the hands of the "criminals" who stole the master key.

An internal Postbank financial crime overview report, dated December, which the Sunday Times also obtained, shows that between March 2018 – three months after the master key was generated – and December 2019, the bank recorded about 25 000 fraudulent transactions in which R56 million was stolen from grant beneficiaries. The money was stolen from social grant cards.