Durrant Pate/Contributor

Access Financial Services (AFS) is dismissing ‘rumours’ of a second cyber incident as its investigation into a data breach earlier in February has confirmed the release of client and customer personal data online.

In its March 31 update, AFS reported that it has since formally notified affected individuals via text and email with a copy of the notice (March 23), including frequently asked questions published on its website. 

In addition to these notifications, the company followed up with phone calls to all affected individuals.

Our Today reported last month that this breach involved personal data belonging to AFS’ clients and customers on February 27.

Addressing misinformation

Moreover, AFS took the opportunity to address what it called ‘misinformation’ regarding the breach, particularly in a March 30 news article, which claimed that “scores of email addresses and related passwords,” were among the stolen data. 

The micro-financier explained that while it is possible that a customer’s email address may have been leaked (as we do collect this data), it emphasised, “AFS does not store or request passwords from our customers. Therefore, no passwords were compromised in this breach.”

Additionally, the article referenced a cybersecurity expert, who mused that the large volume of stolen data suggested it was taken over several days or weeks.

In its rebuttal, AFS says, “This is inaccurate. Our monitoring system shows that the attacker gained access to our systems on February 27, 2025, at approximately 3:30 AM. Our security measures were immediately triggered, allowing us to contain the breach, restrict access, and lock the attacker out of our systems in less than 24 hours.”

AFS counterargued that there has also been some ‘misleading speculation’ circulating on social media regarding a second breach, adamantly declaring, “We want to clarify that this is completely false. After a thorough review, we have confirmed that only one breach occurred on February 27, 2025.”

“Lastly, there has been speculation that our data was unencrypted, which is both misleading and inaccurate. We want to assure you that we have taken all necessary steps to protect the data and are actively working to correct any misinformation circulating,” the company said.