It is understood that the majority of Standard Bank credit card customers may have been affected by the data breach.
Standard Bank has lifted the lid a little on the extent of a privacy breach that is believed to have affected the majority of its customers.
South Africans who have credit accounts with the biggest lender in Africa by assets woke up to an email informing them that some of their credit card information had been compromised. This is the latest discovery by the bank following a breach that it experienced on 23 March 2026.
“We understand that trust is earned, and we are committed to being transparent and proactive in keeping you informed,” said the lender in the email to customers.
Fraudsters hit Standard Bank clients
Previously, the lender had said only personal information was compromised by the data breach, but now it seems their investigations keep revealing more has been leaked.
According to information gathered by The Citizen the latest information by investigators at Standard Bank has revealed that credit card numbers and expiry dates have been compromised. However, the email to clients only said “Credit Card Number”.
Additionally, bank statements have been compromised, but it remains unclear whether the breach affects only customers with credit accounts or also includes those with debit accounts.
‘Majority’ may be affected
The bank told The Citizen that “in a limited number of cases, the affected information also includes credit card details, specifically card number and expiry date, but CVV numbers are not impacted.”
“We are communicating directly with those clients and proactively replacing their cards as a precaution.”
Despite this assurance, one customer told The Citizen that they had to reach out to the bank to start the replacement process, rather than the bank taking the initiative.
They said they felt let down by the banks’ “nonchalant” attitude towards what appears to be a serious breach.
The Information Regulator has also raised concerns and demanded greater transparency from Standard Bank regarding the breach.
The lender said only some of its 19.6 million South African customers have been affected by the breach. However, information given to The Citizen suggests that the ‘majority’ of its credit card customers may have been affected.
Standard Bank operates in 20 countries across Sub-Saharan Africa and in 6 global financial centres.
Transactional systems were not accessed
The bank on Tuesday also referred The Citizen to an earlier update on the breach, but omitted an edit that confirmed that contact details, such as phone numbers or email addresses, and account numbers had been compromised
In the first update, Standard Bank said “our banking systems were not impacted”, but in the email to customers sent on Monday, the lender said, “transactional systems were not accessed”.
Banking systems refer to the core platforms used by financial institutions to manage customer accounts, balances, loans, and other services, effectively serving as the central record of all financial activity.
Transactional systems, on the other hand, are designed to process individual payments such as card purchases, transfers, and withdrawals.
While transactional systems move money in and out of accounts, banking systems update balances and maintain the official records, meaning the two work together to complete and reflect financial transactions.
No indication of misuse of data
The lender assured customers that it had “no indication of misuse of data as a result of this incident.”
“We want to reassure you that protecting your privacy and personal information remains our highest priority,” said the bank.
“While this is not related to any fraud incident, there is always a risk that fraudsters may try to use personal information to commit identity theft. They also use social engineering to obtain even more information from you – so please never share things like pins, passwords, or even OTPs, with anyone.”
Precaution measures
The bank also included some precautionary measures for customers to follow during this moment of uncertainty.
- Update your banking passwords on our digital banking platforms as well as your passwords on social media platforms.
- Enable biometric authentication on the Standard Bank mobile banking app.
- If you’re using your email address as your username on our banking app, change it to something more unique.
- Contact us immediately if you notice any suspicious activity on your bank accounts or cards.
- Use strong, unique passwords and enable biometric authentication where possible.
- Verify any unexpected email, SMS or call asking for sensitive information by contacting the bank through trusted channels.
- Avoid clicking on suspicious links or unfamiliar website URLs.
- Register with the Southern African Fraud Prevention Service for protective registration. This is a free service. If anyone tries to apply for any banking-related products with your identity number, it will be declined or referred for further review. Visit here.
Support Local Journalism
Add The Citizen as a Preferred Source on Google and follow us on Google News to see more of our trusted reporting in Google News and Top Stories.