The country’s arm of TransUnion confirmed Thursday that “a criminal third party obtained access to a TransUnion South Africa server through misuse of an authorised client’s credentials.” The company said the ransom demand “will not be paid.”
South African news site ITWeb reported that a group calling itself N4aughtysecTU, which claims to be be based in Brazil, is taking responsibility.
“We are N4ughtySec Group hackers. We have hacked TransUnion South Africa since 2012,” the group claimed in a Telegram chat with ITWeb. There were no details about the group’s attack, although it claims TransUnion used a weak password in one part of its network.
“We have over 4TB of all their customers’ information. The information includes over 200 corporate companies,” the purported cybercriminals said. “We have been in contact with TransUnion and they have been given our ransom demands. They were alerted on Friday, the 11th March 2022.”
ITWeb said the hackers are asking for bitcoin worth about 223 million in South African rand, or about $15 million.
Johannesburg-based TransUnion said it notified authorities and is working with cybersecurity experts to respond to the breach.
“We believe the incident impacted an isolated server holding limited data from our South African business,” TransUnion said. “We are working with law enforcement and regulators.”
From The Shadows Emerges Knowledge