African newspaper revealed that the incident took place in December 2018 when someone from within the bank stolen the bank’s master key on a piece of paper from their old data center which is located in Pretoria.
The bank conducted internal audits and suspects employees behind the breach. The breach will cost R1 billion which is $58 million in dollars to replace all customer cards, which have been generated with that master key.
According to the report, the attackers were able to change the account balances of any customer account or reset or making top-ups in Postbank cards. The bank reported 25,000 fraudulent transactions in December 2019. Around 8-10 million cardholders were affected by the breach, besides stealing funds the attackers could have exfiltrated personal information of Postbank customers.
The bank will replace normal cards, including those cards which receive government social benefits. The bank officials have yet to confirm that those affected by the fraudulent acts will be reimbursed for their losses. “It appears that the significance of magnitude of this card breach may have been comprehended by Postbank operations and IT senior management,” former chief risk officer Benjamin April said in a January report.