Standard Bank Notifies Clients of Data Breach
- Standard Bank of South Africa has notified its business clients of a data breach involving unauthorized access to personal and corporate information.
- The breach exposed select client records, including account numbers, limited account information, business names, and identification or registration numbers.
- In an email to affected clients, Standard Bank stated, We are writing to inform you of a recent incident that involved unauthorised access to certain data within the...
Standard Bank of South Africa has notified its business clients of a data breach involving unauthorized access to personal and corporate information. The bank, which is Africa’s largest by assets, identified the incident on March 23, 2026.
The breach exposed select client records, including account numbers, limited account information, business names, and identification or registration numbers. According to a statement from the bank, the specific information accessed may differ from person to person.
Scope of the Data Incident
In an email to affected clients, Standard Bank stated, We are writing to inform you of a recent incident that involved unauthorised access to certain data within the Standard Bank of South Africa’s environment
.
The bank clarified that its transactional banking systems were not accessed and remain secure and operational. No client funds were affected and accounts remain secure.
We identified unauthorised access to select data and immediately took steps to enhance our environment to mitigate the impact. Our transactional banking systems were not accessed, remain secure and operational, and available to all our clients. No clients’ funds are affected and accounts remain secure.
Standard Bank
The bank has reported the incident to regulatory authorities and launched a full investigation supported by external experts. Standard Bank has also strengthened its monitoring mechanisms to detect and prevent further suspicious activity.
Related Security Breaches
This incident follows a separate data breach involving Liberty, a subsidiary of Standard Bank, which occurred in late March 2026 and affected its own clients. When queried by ITWeb, Standard Bank declined to comment on whether the breach of its business client data is related to the breach at Liberty.
Risk Mitigation and Client Recommendations
Standard Bank warned that the nature of the accessed information increases the risk of identity theft, phishing attempts, and fraud. Specifically, the bank noted that unauthorized parties could use the data to impersonate clients or contact them through fraudulent emails, messages, or calls.
In a newsroom update dated April 2, 2026, the bank advised clients to adopt several precautionary measures:
- Update banking passwords on digital banking platforms and social media platforms.
- Enable digital authentication on the Standard Bank mobile banking app.
- Use strong, unique passwords and enable biometric authentication where possible.
- Register for protective registration with the Southern African Fraud Prevention Service, which is a free service.
- Immediately contact the bank or a Relationship Manager if suspicious activity is noticed on bank accounts or cards.
The bank further reminded clients to never share personal information, such as passwords and PINs, via phone, fax, text message, or email.
Standard Bank stated that it continues to comply with all legal and supervisory obligations within its regulatory framework and that the protection of client information remains its top priority.