The Africa-wide subsidiary of TransUnion, an American consumer credit reporting agency, has confirmed that it was hacked by the self-named ransomware gang N4aughtyTU and was a victim of a data breach. The group has demanded $15 million (R223 million) in Bitcoin to avoid the online leak of 4TB of data.

To break through TransUnion's security safeguards, N4ugthySecTU has said that they used a brute force attack to guess login credentials.

In accordance with our ongoing investigations and research into the data breach, we have contacted TransUnion for an interview to verify their awareness of the incident and ascertain what procedures are being deployed.

Q&A with TransUnion Africa

More information on the data breach

Has TransUnion officially notified the regulator of the incident? If so, when?

TransUnion Spokesperson: We have notified the regulator. We are working closely with regulators and law enforcement.

Could this possibly be an inside job or someone with knowledge of your systems? An ex-employee?

We can confirm a criminal third party obtained access to an isolated server of TransUnion South Africa through misuse of an authorized client’s credentials.

Which categories of personally identifiable information have been compromised?

Based on our investigation to date, fields of information that may be affected include name, ID number, date of birth, gender, contact details, marital status and information, the identity of employer and duration of employment, vehicle finance contract number, and VIN (Vehicle Identification Numbers) numbers. In isolated circumstances, spouse information, passport numbers, credit or insurance scores may be impacted. Each data subject may have a combination of different fields impacted, depending on what data was available.

Has TransUnion notified all victims as per POPIA?

Where contact information is available, TransUnion is directly contacting by email or text the individuals we know to be impacted. If anyone is uncertain of communication that appears to come from TransUnion, we recommend visiting our website instead by typing in the following web address:

What do these 'criminal third parties' propose to do with the disclosed data?

We are aware that a criminal third party has aggregated and is releasing data allegedly obtained from TransUnion South Africa and other sources, including at least 54 million records unrelated to TransUnion from prior data breaches dating back to 2017. With the help of outside experts, we are screening and reviewing this data as quickly as we are able to safely access it.

What measures are you currently undertaking to mitigate the impact of this breach on your customers?

Our team is working closely with external experts to conduct a thorough investigation, which takes time.

What compensation is TransUnion offering considering the data can be used easily for identity theft?

We regret we cannot provide further information now, but we want to ensure we provide accurate information.

Anything else you'd like to add?

TransUnion South Africa is providing information on how affected individuals can protect themselves, including a free annual subscription to TransUnion’s tools to detect identity-related threats, which includes free access to their credit report and alerts up to 31 December 2023.

— By Bataung Qhotsokoane
