TransUnion South Africa battling to retrieve personal records after hack

Issue 1 2022 Editor's Choice

On 17 March, ITWeb reported that credit bureau, TransUnion South Africa, is currently in an ongoing battle with a hacker group that is demanding a $15 million (R223 million) ransom over four terabytes of compromised data.

The hacker group, going by the name N4aughtysecTU, which claims to hail from Brazil, is alleging it breached TransUnion South Africa and accessed 54 million personal records of South Africans. Speaking to ITWeb via Telegam, the hacker group claims the information it is in possession of includes anything from credit scores, banking details and ID numbers.

TransUnion South Africa has issued a statement confirming that a criminal third-party obtained access to an isolated South African server, through misuse of an authorised client’s credentials.

“This alarming news is further indication that every company that holds personal information is a potential target. The consumer desperately needs an extra layer of protection on their identity against criminals who will turn their lives upside down without a second thought,” reports Manie van Schalkwyk, CEO of the Southern African Fraud Prevention Service (SAFPS). “How significant is the risk? It is estimated that there are 17 billion cyber attacks that take place around the world every day, not all being successful.

A history of breaches

Over the past two years, South African companies have been reporting that they have been victims of cyber attacks and data breaches. Some of these breaches included the compromise of personal information of consumers.

No organisation is immune against cyber attacks and the Department of Justice recently announced that it was a victim of a cybercrime. In a separate incident, Debt-IN Consultants, a professional debt recovery solutions partner to many South African financial services institutions, announced on 22 September that a ransomware attack by cyber criminals resulted in a significant data breach of consumer and employee personal information.

It is suspected that consumer and personal information of more than 1,4 million South Africans was compromised through the Debt-IN attack in April last year. The breach only came to light last week.

Common practice

“Data breaches have been on the rise globally and South Africa has seen unprecedented increases in the number of cyber victims,” says Dalene Deale, executive head of Secure Citizen.

Secure Citizen was created through a collaboration with SAFPS and OneVault in response to a rapid growth in identity theft following online fraud. “Fraudsters do not discriminate. As we continuously move towards the adoption of a digital and more importantly ‘touchless’ era, the platform for fraud increases. Fraud is a fraudster’s business and they often use the same business tactics we use in legitimate business, the difference being that they don’t have customers, they have victims. Thanks to an increase in data breaches, fraudsters are motivated and armed with the correct information, meaning they are very capable of impersonating an individual. The impacts of this are catastrophic,” says Deale.

Van Schalkwyk points out that the TransUnion breach is concerning as the records of 54 million South Africans may have been compromised. “In a country where identity fraud is common practice, this is extremely concerning. It is critical that consumers act now before significant fraud is unknowingly committed on their behalf. The last significant data compromise in 2020 where more than 20 million records were compromised with another credit bureau, the SAFPS saw a rise of impersonation of more than 300%,” says Van Schalkwyk.

Digital Protective Registration (powered by Secure Citizen)

One of the most important services and the core of SAFPS’ service offering, is Protective Registration. Protective Registration is a free service protecting individuals against identity theft. Consumers apply for this service and the SAFPS alerts its members to take additional care when dealing with that individual’s details.

Protective Registration provides an added layer of protection and peace of mind regardless of whether the identity of the applicant has been compromised.

“If a member of the public wants to become proactive in the fight against fraud, the SAFPS is there to serve them. Visit our website on www.safps.org.za. Click on the fraud prevention tab and protect yourself against identity theft with Protective Registration. For best results, use your smartphone to go to our website. Once you have uploaded key pieces of information, you will add another layer of protection against potential ID fraud,” says Van Schalkwyk.

“Consumers can register for a Digital Protective Registration and take action today to prevent fraudsters from having their way with your birthright. Your identity shouldn’t be used by anyone but you. And the service is at no cost to you,” says Deale.

For more information go to www.safps.org.za




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Migrating to mobile
Technews Publishing neaMetrics Suprema Editor's Choice
The ability to use mobile phones as access control credentials has been with us for a long time, yet only 32% of companies use them, and many only for specific use cases.

Read more...
The problem with biometrics
Technews Publishing Editor's Choice Access Control & Identity Management Integrated Solutions
We have come to rely heavily on biometrics for many aspects of access and identity management, especially in identity management where selfie authentication is accepted with confidence. Are we doing it right? Roger Grimes has his own take on the matter.

Read more...
AI presents people and companies with benefits and risks
Technews Publishing Editor's Choice
AI has changed and will still change the security landscape dramatically, but defenders and criminals can use its capabilities effectively.

Read more...
Demystifying OSDP
Technews Publishing Editor's Choice
Open Supervised Device Protocol (OSDP) is more versatile and, importantly, a more secure protocol for access control systems than the old Wiegand installations the industry has adopted for decades.

Read more...
A closed security concept for test halls and perimeter
Dallmeier Electronic Southern Africa Editor's Choice
At its factory facilities in Vilsbiburg, Germany, Flottweg SE relies on tailored video security technology from Dallmeier for perimeter security and workplace safety.

Read more...
Advanced server performance and energy efficient design
Editor's Choice IT infrastructure Products
Dell PowerEdge server portfolio expansion offers more performance, including up to 2.9x greater AI inferencing while Dell Smart Flow design and Dell Power Manager software advancements deliver greater energy efficiency.

Read more...
Free-to-use solar score for South African homes
Technews Publishing Editor's Choice
The LookSee Solar Score is one of the first of its kind to provide insight into the potential of solar power for South Africa’s residential properties.

Read more...
Fast, reliable and secure cloud services
Technews Publishing Editor's Choice Cyber Security IT infrastructure
Security and speed are critical components of today’s cloud-based services infrastructure. Cloudflare offers a range of services supporting these goals beyond what most people think it does.

Read more...
Fire-fighting force at Vergelegen
Editor's Choice Fire & Safety Residential Estate (Industry)
Vergelegen wine estate in Somerset West, and its neighbours, are set to enjoy greater peace of mind this summer, thanks to the delivery of a brand new fire truck .

Read more...
Sasol ensures Zero Trust for SAP financials with bioLock
Technews Publishing Editor's Choice Cyber Security Security Services & Risk Management
Multi-factor authentication, including biometrics, for SAP Financials from realtime North America prevents financial compliance avoidance for Sasol.

Read more...