Exploit: Phishing (Impersonation Scheme)
Experian: Credit Rating and Monitoring Firm

Risk to Small Business: 1.394 = Extreme

In an audacious impersonation scheme, a hacker convinced staffers at Experian that they were a client who should be allowed to access consumer data to create insurance and credit-related marketing leads, enabling them to obtain information about 24 million citizens and 794,000 businesses. The hacker has been apprehended and the devices used confiscated. Experian maintains that no financial or sensitive data was compromised, but the incident and the extent of the damage is still being investigated.

Individual Risk: 1.591 = Severe

At this time, Experian is not reporting that any sensitive financial or personal data was stolen, but this is an incident that could have long-reaching implications for South African consumers and businesses, and there is no guarantee that PII or financial data wasn’t compromised. Consumers and businesses should use caution in communications around financial topics and be alert for fraud, identity theft or spear phishing attempts

How it Could Affect Your Customers’ Business: Handing out information to hackers in a conversation is just as bad as opening an infected email attachment – they’re both phishing, one’s just dressed up differently. Failing to update employee training to raise awareness of phishing dangers that go beyond suspicious email attachments (especially now that messaging and SMS are popular formats for phishing attacks) opens companies up to diasters like this one.

Source:
https://portswigger.net/daily-swig/experian-south-africa-data-breach-may-impact-millions-of-residents