The Information Regulator, an independent statutory body established under the Protection of Personal Information Act (POPIA), is currently investigating data breaches at Standard Bank and Liberty Group. The breaches were reported on March 23, 2026, raising significant concerns regarding the protection of personal information.
While Standard Bank has not disclosed how many clients were affected by the data breach, it has confirmed that its systems remain secure despite the incident. However, the personal information that may have been exposed includes names, ID numbers, and company registration details.
Liberty Group has acknowledged that an external party gained access to customer data, further complicating the situation. The Information Regulator has received a total of 788 data breach notifications from South African organizations in the first quarter of 2026, indicating a growing trend of data security issues.
Nomzamo Zondi, a representative from the Information Regulator, expressed concern about the implications of the data breach, stating, “We are very concerned [about the data breach] and the implications it has on the data protection of data subjects.” This highlights the seriousness of the situation and the potential risks to affected individuals.
Deborah Lamola, another official from the Information Regulator, noted, “Given what we are finding in the notification and what Standard Bank is providing to us, we will then determine the terms of the gravity of the compromise and the appropriate action to take.” This suggests that the investigation is ongoing and that further actions may be forthcoming.
Details remain unconfirmed regarding the full extent of the data breaches at both Standard Bank and Liberty Group, as well as the exact number of clients affected by the Standard Bank breach. The Information Regulator has not yet made a decision to issue an information notice regarding these breaches, leaving many questions unanswered.
