Staying One Step Ahead: A Security Update Regarding Executive Data

In the interest of keeping our community secure, we want to share some context regarding the recent Standard Bank data incident you may have seen in the news.

While our internal systems are perfectly safe, it has been confirmed that some high-level Executive information (such as names and ID numbers) was involved in an external leak at Standard Bank.

Why this matters to all of us

When an attacker gets their hands on an Executive’s personal details, they don’t always try to "hack" a computer. Instead, they try to "hack" a person. They use that stolen info to pretend to be a leader you know and trust, hoping that the familiar name will cause us to lower our guard.

What to look out for (The "How")

Scammers are becoming incredibly good at "Social Engineering." Here is how they might use this leaked info to reach out to you:

• The "Secret Project" Email: You might get a message from a "Director" asking for help with a confidential task that needs to happen right now.

• The Identity "Proof": To make their request look real, a scammer might reference specific details—like an ID number or a business registration—to "verify" who they are over the phone or WhatsApp.

• The Policy Skip: They often ask you to bypass our usual checks (like a formal PO or a secondary approval) because they are "in a meeting" or "traveling."

  
  

How we can work together

We aren't asking you to stop being helpful, that’s what makes a team great. We’re just asking for a little extra "healthy skepticism":

• The Quick Double-Check: If a request feels unusual or out of character for an Executive, just send them a quick separate ping on Slack or give them a call. They will appreciate your diligence much more than they’ll mind the 30-second interruption.

• Protect Your Own Profile: Even though this leak was specific to Executives, it’s a great reminder for everyone to check out the SAFPS (Southern African Fraud Prevention Service) at safps.org.za. It’s a free service that helps prevent anyone from using your ID to open accounts.

• Report, Don't Delete: if you see something suspicious, please let the IT team know. Your "heads up" might be the warning that saves a colleague from falling for the same trick.

  
  

Security is a team sport, and we appreciate you helping us keep our playbooks tight.