Nedbank service provider's IT systems have been breached, exposing personal information of up to 1.7 million clients, said the bank on Thursday.
Computer Facilities, which does direct marketing for Nedbank by sending short messages and email marketing information on behalf of the bank, was breached. The bank said there was some "potentially compromised data" which included names, identity cards numbers, telephone numbers, physical and/or email addresses.
"We regret the incident... and the matter is receiving our urgent attention. The safety and security of our clients' information is a top priority," said Nedbank CEO Mike Brown, adding that the bank systems or client accounts were not impacted.
"We are communicating directly with affected clients. We are also taking the necessary actions in close cooperation with the relevant regulators and authorities," said Brown.
Nedbank group Chief Information Officer Fred Swanepoel said they have secured and destroyed all their client information held by Computer Facilities.
Last year the City of Johannesburg's system was hacked and some payment in bitcoins were demanded. In 2017 South Africa's insurance company Liberty was hacked and demanded ransom.