Protecting our clients’ personal information is one of our top priorities and we have robust and state-of-the-art information security systems in place to protect your data.

Despite our best efforts, we have recently been informed that QSURE (Pty) Ltd (“QSURE”), a financial services provider that MUA indirectly used to collect our clients’ premium, has been subject to illegal and unauthorised access to its IT Infrastructure.

The perpetrators of this breach have obtained limited personal information, which includes banking details, limited to the account holders name, bank account numbers and bank branch codes. Please note that credit card account details were not stored on compromised systems and databases, nor were any identity numbers or any form of contact details or policy content compromised.

Once the attack was discovered, QSURE immediately isolated its IT network and shut down its systems. The incident was reported to the Information Regulator and the Financial Sector Conduct Authority (FSCA) and QSURE appointed three industry-leading and independent cyber-forensic and security technology firms to conduct a detailed forensic investigation into the incident.

QSURE have alerted all banks to monitor for any unusual activity on the accounts affected by this breach.

The information available shows that the data breached relates to transactions for the period January 2014 to September 2018 only.

MUA terminated the utilization of the affected system in October 2018 and formally ended its business relationship with the company on 31 August 2020.   For your information, during MUA’s relationship with the company, it was known as Insure Group Managers (“IGM”), but it has subsequently been sold to QSURE.

While we believe the risk is minimal, please find below some additional precautionary measures that you can take:

• Register for your Bank’s cellphone notification service and receive electronic messages relating to activities or transactions on your accounts as and when they occur.
• Review your account statements on a timely basis; query disputed transactions with your Bank immediately.
• Monitor especially for small amounts being deducted from your account. 
• Verify all requests for personal information and only give it out when there is a legitimate reason to do so.
• Inform your Bank of your cellphone number changes so that your cellphone notification contact number is updated on its systems.
• Regularly verify whether the details received from cellphone notifications are correct and according to the recent activity on your account. Should any detail appear suspicious immediately make contact with your Bank and report all log-on notifications that are unknown to you. 
• You can also choose to be part of the SAFPS (South African Fraud Prevention Service) database.  If you decide to elect this service, you’ll be issued with a number and when you apply for credit or when you open accounts, you may be required to quote this number.  

If you have any queries relating to this incident, please contact your broker.  As we learn more, we will share that information with you.

Credits: Photographer rawpixel.com, source: freepik.com