By Ciaran Ryan

Moneyweb: Journalist & Host of Moneyweb Crypto Podcast


TransUnion hack: Deadline passes for R220m extortion demand

The investigation into the hack is likely to take several weeks. In the meantime, TransUnion is using the opportunity to up-sell clients by offering an ID protection package at R499 a year.


TransUnion missed the deadline on Friday for paying a $15m ransom demanded by a group of hackers going under the name N4ughtySecTU, allegedly based in Brazil.

TransUnion says it will not pay the demand, adding that this was an extortion demand, not a ransomware attack. The hackers demanded $15 million (around R220m) in bitcoin.

Investigation continues

The data breach occurred just over a week ago when the hackers obtained access to a TransUnion South Africa server through misuse of an authorised client’s credentials.

The company issued a statement over the weekend saying that it had suspended that client’s access and had appointed a world-leading forensic firm to lead the investigation.

“We are also working closely with South African regulators and law enforcement in South Africa and the US,” says the statement.

The hack is reportedly limited to an isolated server holding limited data from the SA branch of TransUnion.

54 million client records

The N4ughtySecTU hackers are threatening to release data obtained from the hack, which includes at least 54 million client records apparently unrelated to TransUnion that were obtained from prior breaches going back to 2017.

The ID information on the 54 million South Africans is reckoned to be a Home Affairs database stored on the TransUnion server.

According to MyBroadband, the breached data also included that of the major banks and insurers, as well as several auto manufacturers.

Sidebar ‘insurance fee’ demands

While TransUnion has refused to pay the $15 million, the hackers have apparently demanded an insurance fee from the affected companies. Those who pay the fee will be safe when the hackers start releasing stolen data.

The group has threatened to release the personal information of politicians, judges, police and advocates, as well as their family members.

The ID numbers of President Cyril Ramaphosa, EFF leader Julius Malema, TransUnion CEO Lee Naik and others were released on a Telegram group chat last week.

Also released were bank account numbers and vehicle registration details.

Leaked N4ughtySecTU information includes:

Fields of information that may be affected include name, ID number, date of birth, gender, contact details, marital status and information, the identity of employer and duration of employment, vehicle finance contract number, and VIN (vehicle identification number) numbers.

In isolated circumstances, spouse information, passport numbers, credit or insurance scores may be impacted.

Each data subject may have a combination of different fields impacted, depending on what data was available.

TransUnion clients urged to purchase ID protection

TransUnion says to prevent the kind of identity theft occasioned by the cyberattack, it is offering a free one-year subscription to TrueIdentity, which allows users to detect identity-related threats and recover from the consequences of ID theft. Thereafter, the cost of ID protection is R499 a year.

“When the free one-year subscription to TrueIdentity lapses, we will provide you with a TrueCredit subscription until 31 December 2023. TrueCredit provides credit monitoring and credit alerts as well as monthly credit reports,” says the statement from TransUnion.

It remains to be seen how this goes down with clients whose data was stolen.

Reaching out to affected customers

TransUnion says where contact information is available, it is directly contacting known impacted individuals. “We are working incredibly hard to get notifications to consumers as soon as possible,” it says.

“As our investigation continues, our teams have been working alongside multiple regulatory, law enforcement and industry bodies to ensure we maintain as full and comprehensive an understanding of the potential impact on all of our consumers as possible.”

An investigation of this nature is likely to take several weeks and information will be shared with all law enforcement agencies to support their ongoing criminal investigation.

Echoes of Experian

Previously, credit bureau Experian suffered a hack where an estimated 24 million South Africans had their data compromised.

In September 2021 it was announced that the Hawks had arrested a 36-year-old Gauteng suspect in the crime.

The South African Banking Risk Information Centre (Sabric) issued a statement saying no consumer credit or consumer financial information was obtained in the Experian breach.

“Our investigations do not indicate that any misappropriated data has been used for fraudulent purposes.”

The suspect intended to use the data to create marketing leads to offer insurance and credit-related services, and attempted to sell the data for R4.2 million.


Originally published on Moneyweb by Ciaran Ryan. Read the original article here.
