Credit bureau TransUnion South Africa is playing a cat and mouse game with a hacker group that is demanding a $15 million (R223 million) ransom over four terabytes of compromised data.
The hacker group, going by the name N4aughtysecTU, which claims to hail from Brazil, is alleging it breached TransUnion and accessed 54 million personal records of South Africans.
TransUnion has confirmed that a criminal third party obtained access to its South African server through misuse of an authorised client’s credentials.
“We have received an extortion demand and it will not be paid,” the credit bureau says in a statement to ITWeb.
TransUnion becomes the second credit bureau to be hacked. In 2020, Experian, a consumer, business and credit information services agency, experienced a breach of data which exposed some personal information of as many as 24 million South Africans and 793 749 business entities to a suspected fraudster.
TransUnion is an American consumer credit reporting agency, which collects and aggregates information on over one billion individual consumers in over 30 countries across the globe.
Speaking to ITWeb via Telegram, the hacker group claims the information in its possession includes everything from credit scores to banking details and ID numbers.
So weak were the IT systems that the password TransUnion used was the word “Password”, says the group.
It adds it breached the TransUnion system as far back as 2012 without being detected.
“We are N4ughtySec Group hackers. We have hacked TransUnion South Africa since 2012,” the hacker group claims.
“We have over 4TB of all their customers’ information. The information includes over 200 corporate companies. We have been in contact with TransUnion and they have been given our ransom demands. They were alerted on Friday, the 11th March 2022.”
It says the CEO, Lee Naik, was contacted on his personal cellphone after his personal information was found on the TransUnion systems.
The group is now threatening the credit bureau that if the ransom is not paid, it will expose the data or target the clients.
N4aughtysecTU is demanding TransUnion pay the R223 million ransom in Bitcoin in the next seven days.
“If they don’t pay, we will attack all their corporate clients,” the group threatens.
It adds: “We have put the data into groups – political parties, government officials, government officials, Parliament officials, judges, prosecutors, etc.”
In a statement, TransUnion says immediately upon discovery of the incident, it suspended the authorised client’s access, engaged cyber security and forensic experts and launched an investigation.
As a precautionary measure, it says, TransUnion South Africa took certain elements of its services offline.
According to the company, these services have resumed. “We believe the incident impacted an isolated server holding limited data from our South African business. We are working with law enforcement and regulators.
“We are engaging clients in South Africa about this incident. As our investigation progresses, we will notify and assist individuals whose personal data may have been affected. We will be making identity protection products available to impacted consumers free of charge,” says the company.
“The security and protection of the information we hold is TransUnion’s top priority,” says Lee Naik, CEO of TransUnion South Africa. “We understand that situations like this can be unsettling and TransUnion South Africa remains committed to assisting anyone whose information may have been affected.”