South Africa's Postbank has been forced to replace 12 million bank cards after the bank’s master key was stolen by employees. According to Sunday Times, the security breach exposed the personal data of millions social grant beneficiaries and other account holders.
The report says the cause of the breach was the bank’s master key, which was left in plain text at the Postbank's old data centre in the Pretoria city centre. The master key was then stolen by employees.
The master key is a 36-digit code that allows anyone in possession of it to gain access to the bank's systems, and to read and rewrite account balances, change information and data on any of the bank's 12-million cards.
According to the report, the security breach affected between 8 million and 10 million beneficiaries who receive social grants from the Postbank every month, as well as nearly 1 million of Postbank account holders.
The bank’s financial crime overview report seen by Sunday Times indicates that for the period from March 2018 to December 2019, the Postbank lost R56 million (approx. $3 million) stolen from bank cards of social grant beneficiaries to criminals who generated the master key.