Qsure has created an alternative IT network after cyber-attackers gained unauthorised access to and exfiltrated data from its systems.
Preliminary investigations show the information includes banking details of policyholders who are clients of Qsure’s insurers and brokers.
The data is limited to account holder name, bank account numbers and sort codes. Policyholder credit card account details are not stored on the company’s systems, nor are policyholder identity numbers, contact details or policy content, the company said.
Three independent cyber forensic and security companies are investigating the incident.
The company is also reviewing its cyber security measures and will implement any necessary upgrades or improvements to further secure information on its systems. Its alternative network is isolated and has no links to the former system.
Qsure has informed clients of the data breach and reported it to the Information Regulator and the Financial Sector Conduct Authority.
“We take the safety and security of our clients’ data extremely seriously and continue to take the necessary steps to protect and secure it against any future attacks,” it said.
“The company apologises for the disruption caused by this illegal breach and will continue to update its business partners.”
Headquartered in Randburg near Johannesburg, Qsure specialises in providing debit order collection and payment services for the insurance industry. It handles more than ZAR1.1bn ($77m, €65m) of premiums monthly for over 250 intermediaries.
Missed PrivSec Global’s livestream experience? No problem, simply click here to access the sessions on demand.