Curo Fund Services is investigating the cause of the ransomware attack suffered last week, according to a report from the Sunday Times.
The investment administration provider was unable to access its systems for five days following the attack.
Curo has approximately R2 trillion in assets under management. Although the cash was not at risk, the outage prevented Curo’s financial services provider customers from processing investment-related instructions or offering other services.
Its asset management clients include Old Mutual, Sanlam Investments and Futuregrowth Assets.
Futuregrowth Assets halted all trading to protect its clients from potential exposure until Curo resolves the crisis five days later.
“Curo is part of the central value chain of our business cycle, investment administration, net asset value pricing and reporting,” The Sunday Times quoted Futuregrowth Assets as saying.
“Our clients’ investments were safe, but our client flows were impacted and our ability to report daily valuations to clients was suspended during this time.”
Futuregrowth has R186 billion in assets under Curo’s management and said none of its clients’ data or investments were compromised.
Old Mutual has assets worth R1.3 trillion under Curo’s management.
“During this period, the outage affected Curo’s ability to provide us with pricing for some of our Old Mutual Unit Trust portfolios,” Old Mutual said.
“We are in the process of applying the updated prices to these wallets, for customers who have made transactions.”
“No individual customer data or investment has been compromised as personal customer data resides on Old Mutual systems and is not shared with Curo,” he added.
The attack reportedly took place on January 19, and Curo regained full access to its systems the following Monday, January 24.
The investment administration provider has launched an investigation “to establish the origin, nature and extent of this incident in order to assess possible data breaches”.
“We have already implemented additional security measures to protect against further unauthorized access, and we will continue to monitor suspicious activity,” the company said.
“Based on expert advice, we did not engage with affected parties and focused on restoring our operational capability. Working with cybersecurity specialists, we were able to isolate and then restore our systems safely. “
“Our operations teams, working closely with our clients, then processed all open transactions, and we are back to business as usual,” Curo added.
Sanlam said it communicated with its customers after the attack to assure them that their personal information, assets and investments remained safe.
Curo is the latest in a growing list of private and public sector companies to fall victim to a ransomware attack.
Last year the justice department and Transnet have been victims of ransomware attacks. Third-party debt collector Debt-In was also the victim of a ransomware attack in April 2021, exposing customer data from clients such as African bank and Telkom.