ALERT: WEBSITE NOTICE TO - ALL CLIENTS, FINANCIAL SERVICES PROVIDERS, OTHER SERVICE PROVIDERS OR PERSONS DOING BUSINESS WITH THE COMPANY AND PAST AND PRESENT STAFF MEMBERS
Section 22(1)(b) Notice
In accordance with section 22(1)(b) of the Protection of Personal Information Act, 2013 (Act No. 4 of 2013) ("the Act"), the company hereby notifies all those persons to whom any personal information relates who are clients of the company, financial services providers and other service providers or persons doing business with the company, as well as all past and present staff members, that:
1. the company has received a cyber-security report confirming that it has been the subject of a coordinated social engineering attack by a person or persons unknown who illegally targeted its data files; and
2. the company's cyber-security consultants, iSquared, believe that this compromise was made possible due to the lockdown regulations requiring staff to work remotely from home; and
3. despite this act of criminality, the company's IT business infrastructure remains robust, has continued to operate and function without any loss of data, is secure and under its control, with an off-site business continuity platform, with full replicated data, to enable immediate recovery should the need arise; and
4. no client investments or monies have been affected; and
5. in accordance with section 22(5) of the Act, the following information is provided to allow all clients of the company, financial services providers and other service providers or persons doing business with the company, as well as all past and present staff members, to take protective measures against the potential consequences of this unfortunate incident, namely -
5.1 as per sub-section 22(5)(a) of the Act, the company hereby sets out a description of the possible consequences of the security compromise, namely that, as a result of the attacker gaining access to and copying a file server, the prescribed personal information the company is obliged to obtain from those doing business with it or employed by it, in terms of, amongst others, the Financial Intelligence Centre Act, 2001 (Act No. 38 of 2001), the Financial Advisory and Intermediary Services Act, 2002 (Act No. 37 of 2002) and the Income Tax Act, 1962 (Act No. 58 of 1962) could be disclosed to third parties or exploited by the attacker for personal or commercial gain; and
5.2 as per sub-section 22(5)(b) of the Act, the company hereby sets out a description of the measures the company has taken to address the security compromise, namely the company's cyber-security consultants have, amongst others,:
- prioritized the immediate protection of information, which comprises both business data files and client data files; and
- initiated the company's off-site business continuity back-up system to have the company back online without any disruption should the need arise; and
- undertaken an in-depth investigation and interrogation of the company's entire IT environment and infrastructure; and
- scrubbed and rebuilt all its computers, as an extra precaution, installing all new and clean software; and
- advised the company that they have further enhanced the company's IT infrastructure with security protocols of an exceptionally high standard; and
5.3 as per sub-section 22(5)(c) of the Act, the company hereby sets out a description of the measures recommeded to be taken to mitigate the possible adverse effects of the security compromise, namely:
- change all passwords required when dealing with or on the company's platform; and
- regularly change passwords, both on the company's platform and other platforms; and
- monitor electronic devices for any abnormal behaviour or activity and be vigilant at all times; and
- confirm electronic correspondence to and from the company with an in person communication; and
- monitor inboxes for suspicious looking phishing emails and immediately delete them, without opening them; and
- do not link on an email to change passwords.
5.4 as per sub-section 22(5)(d) of the Act, the company hereby confirms that the real identity of the unauthorised person who accessed or acquired the personal information is unknown, but the company will continue to investigate this further and assist the authorities where required.
Questions & Answers
Given the formalistic nature and tone of the above notification required in terms of the Act, a list of Questions & Answers has been compiled to provide as much information as possible to assist clients, financial services providers and other service providers or persons doing business with the company, as well as all past and present staff members. The Questions & Answers are incorporated by reference as additional information to the above section 22(1)(b) notice prescribed by the Act.
Click here to read the Questions & Answers.
Section 22(1)(b) Notice
In accordance with section 22(1)(b) of the Protection of Personal Information Act, 2013 (Act No. 4 of 2013) ("the Act"), the company hereby notifies all those persons to whom any personal information relates who are clients of the company, financial services providers and other service providers or persons doing business with the company, as well as all past and present staff members, that:
1. the company has received a cyber-security report confirming that it has been the subject of a coordinated social engineering attack by a person or persons unknown who illegally targeted its data files; and
2. the company's cyber-security consultants, iSquared, believe that this compromise was made possible due to the lockdown regulations requiring staff to work remotely from home; and
3. despite this act of criminality, the company's IT business infrastructure remains robust, has continued to operate and function without any loss of data, is secure and under its control, with an off-site business continuity platform, with full replicated data, to enable immediate recovery should the need arise; and
4. no client investments or monies have been affected; and
5. in accordance with section 22(5) of the Act, the following information is provided to allow all clients of the company, financial services providers and other service providers or persons doing business with the company, as well as all past and present staff members, to take protective measures against the potential consequences of this unfortunate incident, namely -
5.1 as per sub-section 22(5)(a) of the Act, the company hereby sets out a description of the possible consequences of the security compromise, namely that, as a result of the attacker gaining access to and copying a file server, the prescribed personal information the company is obliged to obtain from those doing business with it or employed by it, in terms of, amongst others, the Financial Intelligence Centre Act, 2001 (Act No. 38 of 2001), the Financial Advisory and Intermediary Services Act, 2002 (Act No. 37 of 2002) and the Income Tax Act, 1962 (Act No. 58 of 1962) could be disclosed to third parties or exploited by the attacker for personal or commercial gain; and
5.2 as per sub-section 22(5)(b) of the Act, the company hereby sets out a description of the measures the company has taken to address the security compromise, namely the company's cyber-security consultants have, amongst others,:
- prioritized the immediate protection of information, which comprises both business data files and client data files; and
- initiated the company's off-site business continuity back-up system to have the company back online without any disruption should the need arise; and
- undertaken an in-depth investigation and interrogation of the company's entire IT environment and infrastructure; and
- scrubbed and rebuilt all its computers, as an extra precaution, installing all new and clean software; and
- advised the company that they have further enhanced the company's IT infrastructure with security protocols of an exceptionally high standard; and
5.3 as per sub-section 22(5)(c) of the Act, the company hereby sets out a description of the measures recommeded to be taken to mitigate the possible adverse effects of the security compromise, namely:
- change all passwords required when dealing with or on the company's platform; and
- regularly change passwords, both on the company's platform and other platforms; and
- monitor electronic devices for any abnormal behaviour or activity and be vigilant at all times; and
- confirm electronic correspondence to and from the company with an in person communication; and
- monitor inboxes for suspicious looking phishing emails and immediately delete them, without opening them; and
- do not link on an email to change passwords.
5.4 as per sub-section 22(5)(d) of the Act, the company hereby confirms that the real identity of the unauthorised person who accessed or acquired the personal information is unknown, but the company will continue to investigate this further and assist the authorities where required.
Questions & Answers
Given the formalistic nature and tone of the above notification required in terms of the Act, a list of Questions & Answers has been compiled to provide as much information as possible to assist clients, financial services providers and other service providers or persons doing business with the company, as well as all past and present staff members. The Questions & Answers are incorporated by reference as additional information to the above section 22(1)(b) notice prescribed by the Act.
Click here to read the Questions & Answers.
.
Who We Are
IP Management Company
|
IP Management Company (RF) (Pty) Ltd (“IPMC”) is a collaboration between established financial services businesses, which have operated unit trust funds in their own right for between five and ten years. These businesses compete and promote their products independently, but co-exist in a synergistic relationship within IPMC, creating a business with depth of resources and diversification of assets under administration.
|
Disclaimer
By accessing this website, you acknowledge that you are aware of and consent to the terms and conditions applicable, and that the website is intended for South African investors. It is not intended or permitted to be accessed by any person who is not an Intended Investor, including any person (natural or juristic) who is located in or is resident of the United States of America. The information contained in or on the website does not constitute an offer or an invitation to subscribe for or make use of any service or investment by a person, whether natural or legal, which is resident or situated in any jurisdiction where such offer or invitation would be unlawful, or in which IP Management Company is not qualified to make such offer or invitation, or to persons to whom it would be unlawful to make such offer or invitation.
|