Standard Bank addresses data breach delays
Standard Bank has said it took several days to disclose the latest data breach on its LookSee platform because its immediate focus was to get to the bottom of the issue first and establish how serious it was.
The institution on 9 December confirmed homeowners' data was compromised by a breach on the LookSee platform.
The platform is an online property guide that leverages Lightstone data to help homeowners manage their properties by providing house values and insights into communities where they are located.
A report on the Fin24 site notes that data of up to 745 000 registered properties was compromised.
‘Our immediate focus was on minimising the impact to the data subjects, determining the scope of the compromise and ensuring that the necessary due diligence was given to ensure any hasty steps taken did not impede any legal and criminal investigation,’ it said in a statement.
Business Day reported that Standard Bank knew about the breach on 30 November, nine days before communicating the problem to the public.
Standard Bank said it and Lightstone informed the Information Regulator ‘as soon as reasonably possible’ after discovering the breach.
Section 22(2) of the Protection of Personal Information Act states that once a bank or any other institution has reasonable grounds to believe its data was accessed or acquired by any unauthorised person, it must notify the Information Regulator and those affected ‘as soon as reasonably possible’.
However, is the Act doesn't specify what ‘soon as reasonably possible’ means in terms of time limits.
Article disclaimer: While we have made every effort to ensure the accuracy of this article, it is not intended to provide final legal advice as facts and situations will differ from case to case, and therefore specific legal advice should be sought with a lawyer.