Momentum hit by cyber attack


Momentum Metropolitan, the parent company of Momentum, has alerted shareholders of a data breach on the network of one of its subsidiaries.

The company did not state which subsidiary was targeted by the attack, adding that it was conducting an extensive investigation into the security breach.

“Momentum Metropolitan hereby informs stakeholders that a third party unlawfully accessed a limited portion of data of a subsidiary of the Group,” the company said in a statement to shareholders.

“The Group became aware of a data breach on its network on Thursday 13 August 2020 and immediately activated its IT security incident plan, which included the implementation of additional systems monitoring and the reinforcement of its IT security.”

The company said that the hackers accessed administrative and financial data, adding that the data breach should not impact clients or stakeholders.

Momentum client and member data was not compromised in the breach, Momentum Metropolitan said.

“Information accessed contains administrative and financial data that is not expected to prejudice any stakeholders of the Group,” the company said.

“The Group has alerted the authorities and investigations are ongoing.”

MyBroadband asked Momentum which of its subsidiaries were affected by the data breach and to confirm the nature of the exploit.

The company said that it was currently unable to provide this information due to the sensitive nature of the investigation.

This follows after another high-profile data leak in South Africa’s medical sector – with medical data startup LogBox inadvertently exposing account access tokens to the public Internet.

LogBox’s security flaw was the result of a misconfigured firewall, and it potentially exposed the personal and private data of doctors and patients who use the platform.

The company has fixed the error, performed a full forensic audit, notified all of the institutions that use LogBox, and forced those whose LogBox accounts may have been affected to change their passwords.