TransUnion Breach: Deadline Passes for $15m Extortion Demand

A group of Brazilian hackers, going under the name N4ughtySecTU, is demanding $15 million in Bitcoin from credit reporting agency TransUnion South Africa. If the victim doesn’t pay up, the group is threatening to leak over four terabytes of breached client data.

The deadline to pay was midnight Saturday, but at the advice of cybersecurity experts, TransUnion has refused to comply. Instead, they’ve appointed a world-leading forensic firm to investigate the extent of the incident.

Massive Data Hack

The data breach occurred last week, when the hackers obtained access to one of the company’s South African servers. According to TransUnion South Africa, the cybercriminals stole at least three million South Africans’ private data. How? The group used one of the company’s client’s compromised credentials. N4ughtySecTU said they had performed a simple brute force attack on the TransUnion server and were able to guess a TransUnion client’s username and password. According to N4ughtySecTU, the password was… “password”.

The hackers told ITWeb they had retrieved 54 million personal records. These allegedly contain everything from credit scores to banking details and ID numbers. TransUnion claims those records were obtained from prior breaches going back to 2017.

According to MyBroadband, who spoke to the hackers, the breached data also includes client data from major South African banks, insurers, and auto manufacturers.

While TransUnion has refused to pay the ransom, the hackers are apparently demanding “insurance fees” from these affected companies. Those who pay will be exempt when the hackers start leaking the stolen data.

The group has also threatened to release the personal information of politicians, judges, police, advocates, and their family members. The cybercriminals already released South African president Cyril Ramaphosa’s ID number on a Telegram group chat. They also released the ID numbers of opposition leader Julius Malema, and TransUnion CEO Lee Naik.

N4ughtySecTU has also threatened to continue publishing sensitive data unless TransUnion pays a $15 million ransom; but so far, TransUnion has refused to budge. TransUnion believes that yielding to the demands would only incentivize cybercriminals to continue extorting businesses.

Small Compensation

TransUnion says it’s contacting individuals where their information is available. The company even offered those affected free access to its TrueIdentity product for a year.

“TrueIdentity gives people the information and tools to detect identity-related threats and, if need be, a way to get help to recover from them,” TransUnion stated.

Inadequate Response

South Africa’s Information Regulator has denounced TransUnion South Africa’s response to the breach as “inadequate”.

While the company has issued a statement and notified impacted individuals via email, the regulator says these notifications fall short of what’s required under the Protection of Personal Information Act (POPIA).

“The notification doesn’t provide sufficient details nor remedy to the millions of data subjects, people about whom the personal information relates, whose personal information has been compromised by the TransUnion security compromise,” the regulator stated. TransUnion may be liable for a fine of up to R10 million for not adequately protecting consumer data.

The Risks

Cybersecurity experts warn that stolen data can be used in organized crime such as burglaries, car hijackings, fraud, and identity theft.

Two years ago, Experian, another credit bureau, had a data breach relating to 24 million consumers. In the year after that breach, the South African Fraud Prevention Service (SAFPS) reported a massive jump in fraud across the country. Fraud listings increased by 62%, victim listings increased by 54%, and impersonation fraud more than tripled.

The managing director of digital forensics lab, Cyanre, Professor Danny Myburgh, says criminals with access to the data could use it to steal money from victims. O He indicated they could even use the data in identity theft. According to Myburgh, the criminals could also take out credit under a victim’s name or buy items and services on contract.

If the attackers can crack a victim’s passwords, they can also access email or other online accounts to retrieve data. They’ll then use that data to extort or blackmail victims. More commonly, marketers buy the data to drive leads for insurance and credit-related services.

What To Do

If your information has been breached, here are 13 measures you can take to protect yourself:

  1. Contact the breached company to find out what was compromised.
  2. Check for news and updates from the breached company.
  3. Find out what support the hacked organization will provide.
  4. Don’t use compromised information to confirm your identity in the future.
  5. Regularly change your passwords or use a password protector like CyberGhost Password Manager.
  6. Don’t use the same password everywhere. Use a password generator to create unique, uncrackable passwords.
  7. Change your security questions.
  8. Keep an eye on your bank accounts and check your credit reports.
  9. Freeze your credit if you suspect your information has been breached.
  10. Provide personal information only when you have a legitimate reason.
  11. Never disclose personal information, like passwords and PINs.
  12. Activate two-factor authentication wherever possible.
  13. Use a VPN to prevent further private information from leaking.

Protect Your Private Information

While you can do little about information already leaked into the public domain, you can take steps to defend your security and privacy in the future with CyberGhost VPN. Our VPN encrypts your internet traffic so no one can snoop on your activities or use your information to extort you. CyberGhost VPN also hides your IP, so nothing can be traced back to your location.

Leave a comment

Write a comment

Your email address will not be published. Required fields are marked*