Credit bureau TransUnion hacked – ransom sought

One of South Africa’s largest credit bureaus, TransUnion, has been hacked.

The company said in a statement on Friday that a third party obtained access to one of its servers through “misuse of an authorised client’s credentials”.

“We have received an extortion demand and it will not be paid,” the company said.

“Immediately upon discovery of the incident, TransUnion South Africa suspended the client’s access, engaged cybersecurity and forensic experts, and launched an investigation,” it added.

It said that it took “certain” of its services offline as a precautionary measure, but these services are now back online.

“We believe the incident impacted an isolated server holding limited data from our South African business. We are working with law enforcement and regulators,” the company said.

“We are engaging clients in South Africa about this incident. As our investigation progresses, we will notify and assist individuals whose personal data may have been affected. We will be making identity protection products available to impacted consumers free of charge.”

‘$15-million ransom’

ITWeb reported that the the attackers, known as the Brazilian hacker group N4aughtysecTU, were demanding US$15-million (R224-million) in ransom within seven days and that they had stolen 4TB of data from TransUnion made up of the personal records of 54 million South Africans.

“The security and protection of the information we hold is TransUnion’s top priority,” said CEO Lee Naik in the statement.

“We understand that situations like this can be unsettling and TransUnion South Africa remains committed to assisting anyone whose information may have been affected.”

TechCentral has reached out to TransUnion for further information.  — (c) 2022 NewsCentral Media

• This is a developing story