TransUnion South Africa battling to retrieve personal records after hack

On 17 March, ITWeb reported that credit bureau, TransUnion South Africa, is currently in an ongoing battle with a hacker group that is demanding a $15 million (R223 million) ransom over four terabytes of compromised data.

The hacker group, going by the name N4aughtysecTU, which claims to hail from Brazil, is alleging it breached TransUnion South Africa and accessed 54 million personal records of South Africans. Speaking to ITWeb via Telegam, the hacker group claims the information it is in possession of includes anything from credit scores, banking details and ID numbers.

TransUnion South Africa has issued a statement confirming that a criminal third-party obtained access to an isolated South African server, through misuse of an authorised client’s credentials.

“This alarming news is further indication that every company that holds personal information is a potential target. The consumer desperately needs an extra layer of protection on their identity against criminals who will turn their lives upside down without a second thought,” reports Manie van Schalkwyk, CEO of the Southern African Fraud Prevention Service (SAFPS). “How significant is the risk? It is estimated that there are 17 billion cyber attacks that take place around the world every day, not all being successful.

A history of breaches

Over the past two years, South African companies have been reporting that they have been victims of cyber attacks and data breaches. Some of these breaches included the compromise of personal information of consumers.

No organisation is immune against cyber-attacks and the Department of Justice recently announced that it was a victim of a cybercrime. In a separate incident, Debt-IN Consultants, a professional debt recovery solutions partner to many South African financial services institutions, announced on 22 September that a ransomware attack by cyber criminals resulted in a significant data breach of consumer and employee personal information.

It is suspected that consumer and personal information of more than 1.4 million South Africans was compromised through the Debt-IN attack in April last year. The breach only came to light last week.

Common practice

“Data breaches have been on the rise globally and South Africa has seen unprecedented increases in the number of cyber victims,” says Dalene Deale, Executive Head of Secure Citizen.

Secure Citizen was created through a collaboration with SAFPS and OneVault in response to a rapid growth in identity theft following online fraud.  “Fraudsters do not discriminate. As we continuously move towards the adoption of a digital and more importantly ‘touchless’ era, the platform for fraud increases. Fraud is a fraudster’s business and they often use the same business tactics we use in legitimate business, the difference being that they don’t have customers, they have victims. Thanks to an increase in data breaches, fraudsters are motivated and armed with the correct information, meaning that are very capable of impersonating an individual. The impacts of this are catastrophic,” says Deale.

Van Schalkwyk points out that the TransUnion breach is concerning as the records of 54 million South Africans may have been compromised. “In a country where identity fraud is common practice, this is extremely concerning. It is critical that consumers act now before significant fraud is unknowingly committed on their behalf.  The last significant data compromise in 2020 where more than 20 million records were compromised with another credit bureau, the SAFPS saw a rise of impersonation of more than 300%,” says Van Schalkwyk.

Digital Protective Registration (Powered by Secure Citizen)

One of the most important services, and the core of SAFPS’ service offering, is Protective Registration. Protective Registration is a free service protecting individuals against identity theft. Consumers apply for this service and the SAFPS alerts its members to take additional care when dealing with that individual’s details.

Protective Registration provides an added layer of protection and peace of mind regardless of whether the identity of the applicant has been compromised.

“If a member of the public wants to become proactive in the fight against fraud, the SAFPS is there to serve them. Visit our website on   Click on the fraud prevention tab and protect yourself against identity theft with Protective Registration.  For best results, use your smart phone to go to our website.  Once you have uploaded key pieces of information, you will add another layer of protection against potential ID fraud,” says Van Schalkwyk.

“Consumers can register for a Digital Protective Registration and take action today to prevent fraudsters from having their way with your birth right. Your identity shouldn’t be used by anyone but you. And the service is at no cost to you,” says Deale.

“As a society, it is important that we move towards creating a world where the fight against fraud becomes protective and proactive. We need to protect consumers and this needs to be done in a proactive manner. We cannot always be reactive when it comes to fraud,” says Van Schalkwyk.