Credit reporting agency TransUnion South Africa announced that threat actors compromised a company server based in South Africa using stolen credentials. Threat actors have stolen company data and demanded a ransom of $15 million payment not to release stolen data.
The hacker group, N4aughtysecTU, which claims to be based in Brazil, is alleging it breached TransUnion South Africa and accessed 54 million personal records of South Africans.
The hacker group reportedly claims the information it is in possession of includes anything from credit scores, banking details and ID numbers after brute forcing an SFTP server that has a password “Password“
As a precautionary measure, the company temporarily took part of its infrastructure offline.A criminal third party obtained access to a TransUnion South Africa server through misuse of an authorised client’s credentials. We have received an extortion demand and it will not be paid.Transunion statement
The company has declared that it will not pay the ransom and hired cybersecurity and forensic experts to investigate the extent of the security breach and believes the security breach only impacted an isolated server holding limited data from South African business.
“We understand that situations like this can be unsettling and TransUnion South Africa remains committed to assisting anyone whose information may have been affected.” – statement