Hackers demand R1.1bn ransom from TransUnion and Experian - threaten to leak personal data of South Africans

• TransUnion and Experian, two major South African credit bureaus, are being targeted by hacking group N4ughtySecTU, claiming they have access to personal information of South Africans.
• The hackers have demanded R1.1 billion in 72 hours or they will leak the data.
• Both TransUnion and Experian denied the breach, stating that they haven't picked up any illegal access or data compromises on their systems.
• For more stories, visit the Tech and Trends homepage.

TransUnion and Experian, two of South Africa's largest credit bureaus, are facing threats from hackers known as N4ughtySecTU who are claiming that they have penetrated both agencies' systems and have obtained sensitive financial and personal data of South Africans.

TransUnion has confirmed that the hackers are demanding R1.1 billion in ransom and have given the agency a 72-hour deadline before they release the confidential information.

TransUnion responded to the latest threat, stating that they have found no evidence of a security breach on their side.

“TransUnion South Africa is aware of a financial demand from a threat actor asserting they have accessed TransUnion South Africa’s data. While we are continuing to monitor closely, we have found no evidence that our systems have been inappropriately accessed or that any data has been exfiltrated.

“We’ve likewise seen no change to our operations and systems in South Africa related in any way to this claim. We treat matters regarding our information security seriously, and data security remains our top priority,” the credit bureau said in response to questions from News24.  

Experian has also addressed the situation, denying the allegations made by N4ughtySecTU.

“We have investigated reports that Experian data in South Africa has been illegally obtained and have found these claims to be baseless.

“There is no evidence that our systems or data have been compromised in any way, nor the systems or data of any of our clients. We take threats of this nature very seriously and will continue to review our systems for security. Protecting our customers and data is our top priority,” Experian told Times Live.

This isn't the first time TransUnion has found itself in the grip of cybercriminals. The hackers targeted the agency last year, demanding R223 million.

Experian made headlines in August 2020 when it experienced a data breach that exposed the personal data of over 20 million South Africans and 793 749 businesses to a fraudster named Karabo Phungula. He was subsequently sentenced to 15 years in prison.