Credit bureau TransUnion has been hacked and has received a demand for ransom, it said in a statement.
The hackers, who described themselves as a “criminal third party”, gained access to the bureau’s server by misusing an authorised client’s credentials, according to the statement.
“We have received an extortion demand and it will not be paid,” TransUnion said.
The Southern African Fraud Prevention Service (SAFPS) said it appears that TransUnion is battling to retrieve the compromised data from the hackers. TransUnion has not yet confirmed or denied this directly to Fin24.
But the company said it is working with law enforcement and regulators. Its investigation is ongoing, and as it progresses, TransUnion SA will notify and assist those whose personal data may have been affected.
According to TransUnion, it immediately suspended the compromised client’s access, engaged cybersecurity and forensic experts, and began investigating. It is working with law enforcement, it said.
It also took some of its services offline, but these have since resumed.
“We believe the incident impacted an isolated server holding limited data from our South African business. We are working with law enforcement and regulators,” it said.
“We are engaging clients in South Africa about this incident. As our investigation progresses, we will notify and assist individuals whose personal data may have been affected.
“We will be making identity protection products available to impacted consumers free of charge,” TransUnion added.
CEO Lee Naik added that protecting client data was TransUnion’s “top priority”.
“We understand that situations like this can be unsettling and TransUnion South Africa remains committed to assisting anyone whose information may have been affected,” said Naik.
Technology site ITWeb earlier reported that the hacker group was going by the name N4aughtysecTU and claimed to come from Brazil. Speaking to ITWeb via Telegram, the hacker group reportedly said it had 4 terabytes of client information and had accessed some 54 million records, including data from over 200 corporates.
The group allegedly threatened to attack TransUnion’s corporate clients if the bureau didn’t cough up. According to ITWeb it wants $15 million (~R223 million) in Bitcoin.
Rising data breach incidents in SA
SAFPS CEO Manie van Schalkwyk said records of 54 million South Africans might have been compromised.
“This alarming news is further indication that every company that holds personal information is a potential target. The consumer desperately needs an extra layer of protection on their identity against criminals who will turn their lives upside down without a second thought,” said SAFPS CEO Manie van Schalkwyk.
SAFPS said cyberattacks and data breaches targeting SA companies have escalated over the past two years.
In 2020, another credit bureau, Experian, suffered a data breach, which potentially exposed the information of 24 million South Africans. In 2021, Debt-IN Consultants, a debt recovery partner to many South African financial services institutions, got a ransomware attack. It is estimated that the personal information of more than 1.4 million South Africans was illegally accessed from its servers.
Banks have not been spared either. Absa announced a data leak in November 2020, and it has been identifying more impacted customers this year, almost a year-and-a-half after the incident. Standard Bank also identified a data breach on its LookSee platform in November last year.
“Data breaches have been on the rise globally, and South Africa has seen unprecedented increases in the number of cyber victims,” said Dalene Deale, the executive head of Secure Citizen, which was created through a collaboration with SAFPS and OneVault to identity theft following online fraud.
Deale said this increase in data breaches means that fraudsters are now armed with more the correct information enabling them to impersonate individuals.
SAFPS said when records of more than 20 million consumers were compromised at another credit bureau – possibly Experian – it saw impersonation rise by more than 300%.