Magda Wierzycka is furious that Discovery shared some of her personal information with scammers. Discovery says fewer than 20 other customers were affected. (Supplied)
- Discovery leaked personal information of fewer than 20 customers, including addresses and insurance details, to phone scammers.
- Sygnia co-founder and CEO Magda Wierzycka was one of the affected users, and she took the issue to public media on Wednesday night.
- The company said “impersonation thieves” used information made public in a previous data breach to circumvent Discovery's customer authentication system.
Sygnia CEO Magda Wierzycka is furious that her Discovery Insurance details, along with those of around 20 other Discovery Insurance customers, were leaked by the company to phone scammers.
Wierzycka, who is also a co-founder of an asset management company, said she was contacted by Discovery to say some of her personal information had been provided to third parties without her consent.
This apparently happened after the fraudsters circumvented Discovery's identity and verification screening process, likely by using information from a previous third-party breach.
“We have captured an incident in which an impersonator called the Discovery Insure call center and asked about your insurance schedule,” Discovery said in a letter shared by Wierzycka on X late Wednesday, June 5.
Wierzycka said she would cancel all Discovery products she previously owned.
She wrote on X:
Discovery data breach. Where is the apology? Where are the suggestions for what to do? Anything goes. I will cancel everything I have opened with Discovery. How can a company give away personal information and insurance details over the phone? Would someone email it? Read the details out loud? Item by item?
When a company is hacked, data breaches often result in the information being published on the dark web, where other malicious actors can purchase it and use it to commit crimes.
Personal information such as email addresses, passwords, contacts and addresses of millions of South Africans is stored in folders that can be accessed by malicious actors. Most companies use this type of information to verify the identity of their customers before providing access to their services.
One of the worst data breaches in recent years was at credit reporting company Experian, which exposed the personal details of 24 million South Africans in 2020.
Discovery said in a thread below Wierzycka's post that fewer than 20 customers were affected by the breach at this stage, which was detected as part of its forensic investigation and audit screening.
Discovery said it notified affected customers about the breach between May 17 and June 5, adding:
We take our data privacy responsibilities very seriously and have therefore alerted affected clients to take precautions.
The company said its systems were not affected by the breach.
News24 contacted Discovery for further clarification on the matter but the company did not immediately respond.
News24 also sent questions to the information regulator to see whether Discovery had reported the breach to the agency that enforces data protection laws. There was no immediate response.
News24 will update this story if there is any response.