In the hierarchy of cybersecurity mishaps, consumer data privacy breaches are probably the most costly for companies. The damages often go beyond financial losses for the company or the harm to customers. In the trust business, losing customer trust does not bode well for any company.
Data breaches expose customers to risks like identity theft and fraud, but consumers have some power to act when companies fail to protect their data.
In many countries, including South Africa, laws like the Protection of Personal Information Act (POPIA), 2013 require companies to notify affected consumers and report breaches to regulators.
Consumers can file complaints and, in some cases, pursue legal action for damages caused by a company’s negligence.
In September 2024, Telkom, South Africa’s third-largest telco with 21 million subscribers, was breached in an incident that saw the perpetrator gain access to crucial information on its customers. However, there was no reported financial loss to these customers.
The breach occurred when an unnamed franchisee employee allegedly accessed and shared Telkom customer data with a third-party company, which then used the information to poach clients.
Telkom responded swiftly to the data breach. The company notified the impacted customers and reported the incident to the Information Regulator, as required by POPIA.
On Wednesday, Telkom received a high court order to raid both the third party’s premises and the employee’s residence, seizing records to assess the full extent of the breach.
While Telkom may still get a slap on the wrist for employee negligence, the telco could still walk away without litigation due to the alarm bells it raised and the subsequent follow-ups to its affected customers.
