South African insurance firm Liberty said it suffered a cyberattack last week after hackers breached its IT infrastructure, accessed some data and demanded a ransom payment. The company said it was notified of the illegal unauthorized access late Thursday evening.

“We did engage with the external parties involved to determine their intentions, but we made no concession in the face of this attempted extortion,” Liberty CEO David Munro said on Sunday in Johannesburg. “Liberty is at an advanced stage of investigating the extent of the data breach, which at this stage, seems to be largely emails and possibly attachments.”

According to Liberty's website, the 60-year-old firm has over 2.5 million life insurance policies and administers over 10,000 retirement plans and 500,000 individual and institutional investment customers.

Liberty said it has already identified and addressed certain vulnerabilities in its IT infrastructure to secure customer data. However, it said there is currently no evidence "at this stage" to suggest that its customers suffered any financial losses as a result of the breach.

Clients have been notified of the breach via text message. However, the company said no further action is required of Liberty's customers at this point in time. The insurer said it would inform customers directly if it is discovered that they have been impacted by the breach.

“We have gone to extreme lengths to enforce our IT infrastructure to ensure our customers’ information is protected," Munro said. “We totally understand the concerns they might have about the impact of this act of criminality."

The company said it has notified relevant authorities and are working with them to investigate the breach. It is currently unknown how the breach occurred or who the perpetrators were.

“It’s fair to say an event like this is not something one can prepare for specifically. We prepare for them generally, but when an event like this takes place, it’s out of the blue," Munro said. "This occurred on Thursday evening. It took a couple of days before deciding we should inform customers and ensure that we can safely move into the public domain, as it is a complex matter."

The breach is believed to be limited to Liberty insurance operations and emails in South Africa, noting it has no reason to believe customers of Standard bank Group - which controls Liberty - has been affected unless they are customers of the insurer as well.

“There is no inter-connection when it comes to Liberty and Standard Bank systems,” Munro said. “This was an infiltration of our network and a specific email system or repository of email data. It looks like the bulk of the data they stole from us is email, relatively recent rather than deeply dated.”

Cyware Publisher