March 11 2025 17:30
Pam Golding Properties sincerely regrets that we have experienced a cyber incident that resulted in unauthorised access to some of the personal information stored on our customer relationship management (CRM) system hosted on our servers in South Africa.
This information pertains to some of our clients. It is important to note that no banking details, financial information, commercial information and/or other documents were compromised.
On Friday 7 March 2025, a third party (unknown to us at this stage), gained unauthorised access to our system using a user account.
As soon as we became aware of the security compromise, we took immediate action to secure our systems and removed all unauthorised access. While investigating the impact of this incident, we also immediately began implementing steps to contain the incident and prevent any further compromises.
We have notified affected clients/parties of the compromise in terms of the Protection of Personal Information Act (POPIA), and reported details of this matter to the Information Regulator as required by law. We have also reported it to SAPS and a case number has been allocated.
We are taking this incident extremely seriously and are taking numerous steps to contain the incident and prevent any further recurrence.
The affected user accounts have been secured, all active sessions have been terminated, and we have reset passwords for all our user accounts system-wide. We have reviewed all system access logs to determine the extent of the breach and identify any affected data. We are patching any potential vulnerabilities and reinforcing our security protocol, and implementing additional monitoring tools to detect and respond to any future potentially suspicious activity.
We have also appointed independent cybersecurity specialists to investigate the incident and will adopt any appropriate recommendations to further enhance our existing access control measures.
In our communication to affected clients, and while we are still investigating the full scope of the incident, we have made them aware of potential risks, namely:
- as a third party accessed our system using a user account, client information may have been viewed or queried,
- cybercriminals sometimes use stolen information to send fraudulent emails or messages, purporting to be from trusted sources, and
- if personal details were accessed, there is a small risk of identity fraud, although we have no evidence of misuse at this time.
Accordingly, we have advised affected clients to be cautious about clicking on links and providing sensitive information, including bank pins and user login passwords. We have cautioned them that if they suspect that a person other than one of our authorised agents is attempting to contact them or obtain their personal information, they should contact our Information Officer via informationofficer@pamgolding.co.za, or the agent they usually deal with.
We take client privacy and security, and our privacy commitments under POPIA very seriously and sincerely regret any distress or inconvenience this incident may cause. While we are still in the process of fully investigating this incident, we will be implementing additional security measures to protect all information and to minimise the effect of this security compromise.
For further information visit www.pamgolding.co.za or email informationofficer@pamgolding.co.za.
247@propertyflash.co.za
