South African credit bureau TransUnion server hacked

Cape Town — TransUnion has confirmed that a third-party criminal gained access to its South African server by misusing the credentials of an authorized customer.

“We have received an extortion request and it will not be paid,” the company said.

A Brazilian hacker group, N4aughtysecTU, has claimed responsibility and said it had access to the identification numbers, bank details and credit scores of millions of South Africans.

TransUnion says that immediately upon discovery of the incident, it suspended authorized customer access, engaged cybersecurity and forensic experts, and launched an investigation.

The group reportedly gave TransUnion seven days to pay the ransom in bitcoin.

the statement reads;

A third party criminal gained access to a TransUnion South Africa server by misusing the credentials of an authorized customer. We received an extortion request and it will not be paid.

Immediately upon discovery of the incident, TransUnion South Africa suspended customer access, engaged cybersecurity and forensic experts and launched an investigation. As a precaution, TransUnion South Africa has taken certain elements of our services offline. These services have resumed. We believe the incident affected an isolated server containing limited data from our South African company. We work with law enforcement and regulators.

We are engaging clients in South Africa regarding this incident. As our investigation progresses, we will notify and assist individuals whose personal data may have been affected. We will make identity protection products available to affected consumers free of charge.

“The security and protection of the information we hold is TransUnion’s top priority,” said Lee Naik, CEO of TransUnion South Africa. “We understand that situations like this can be troubling and TransUnion South Africa remains committed to helping anyone whose information may have been affected.”

The American company is present in more than 30 countries around the world.