Your personal details may be in the hands of hackers after credit bureau TransUnion compromised in one of SA’s largest data breaches
Cape Town - A group of hackers is reportedly demanding over R220 million from credit bureau TransUnion South Africa over four terabytes of compromised data affecting 54 million South Africans.
This is one of the largest-ever data breaches in the country. TransUnion has acknowledged the demand, and said however, the money “will not be paid".
In a statement it said it was investigating the breach, and would notify and assist individuals whose personal data may have been affected, and would be making identity protection products available to impacted consumers, free of charge.
TransUnion South Africa CEO, Lee Naik, said that the security and protection of the information they hold was “TransUnion’s top priority”.
“We understand that situations like this can be unsettling and TransUnion South Africa remains committed to assisting anyone whose information may have been affected,” Naik said.
TransUnion collects credit information about consumers from banks, retailers and other parties, meaning that even if you haven’t interacted with them, your personal details and financial history may have been compromised. The credit bureau is said to be the largest in South Africa that maintains both consumer and business data.
ITWeb reported the hacker group, going by the name N4aughtysecTU was alleging it breached the agency and had access to the personal records of 54 million South Africans.
Speaking to ITWeb via Telegam the group claimed they had credit scores, banking details and ID numbers in their possession.
It said the IT systems of TransUnion was so “weak” that the password used was the word “Password”, according to the report.
Confirming the security breach on March 17, and giving an update on the situation, the consumer credit reporting agency said a “criminal third party” obtained access to a TransUnion South Africa server through the “misuse of an authorised client’s credentials”.
Upon discovery of the incident, TransUnion South Africa immediately suspended the client’s access; engaged with cyber security experts and forensic experts; and launched an investigation, it said.
“As a precautionary measure, TransUnion South Africa took certain elements of our services offline. These services have resumed,” the statement read.
“We believe the incident impacted an isolated server holding limited data from our South African business. We are working with law enforcement and regulators. We are engaging clients in South Africa about this incident.”
Meanwhile, Tweeps have take to Twitter to share shock that the credit bureau’s password was “Password”.
Another Tweep said the company being breached 10 years ago without detection was “incompetence”.