Hackers Demand $15 Million Ransom from TransUnion after Breaching Server

Colin Thierry

International credit bureau TransUnion said in a statement on Sunday that hackers managed to breach a server operated by its South African division and gained access to the personal information of customers.

According to an FAQ published by TransUnion South Africa, the threat actors gained access to the sensitive data by using the compromised credentials of one of the company’s clients.

The firm says that the exposed data “may include personal information, such as telephone numbers, email addresses, identity numbers, physical addresses, and some credit scores.”

As a precaution, TransUnion South Africa took some of its infrastructure offline temporarily while it investigated the breach.

A Brazilian hacking group calling itself N4aughtysecTU claimed responsibility for the data breach and told the media that it stole 4TB of data containing the records of 54 million customers.

The hackers also claimed that the account they compromised to gain access to data on TransUnion’s server was protected with a password of “password.”

N4aughtysecTU sent an extortion demand to TransUnion South Africa requesting R223 million (approximately US$15 million) in cryptocurrency in exchange for not releasing the stolen data.

The hackers also threatened to make financial demands of TransUnion’s clients.

TransUnion South Africa said it will not pay the ransom, and that it has brought in cybersecurity experts to assist in its response to the incident.

Additionally, TransUnion has attempted to debunk N4aughtysecTU’s claims that 54 million records have been exposed, claiming instead that those records relate to a 2017 data incident not involving TransUnion.

TransUnion South Africa hasn’t yet stated just how many individuals may have been impacted by the breach, or how much data the hackers may have accessed. The company has only claimed that it believes “the incident impacted an isolated server holding limited data from [its] South African business.”

About the Author

Colin Thierry is a former cybersecurity researcher and journalist for SafetyDetectives who has written a wide variety of content for the web over the past 2 years. In his free time, he enjoys spending time outdoors, traveling, watching sports, and playing video games.
