TransUnion, the credit reporting behemoth, has revealed a data breach impacting its South African operations. Profit-driven cybercriminals appear to have targeted the firm. In a recent statement, the business told that cybercriminals used a client’s credentials to access a TransUnion South Africa computer. The impacted client’s access was suspended, and some services were put down after the breach’s identification.
According to the corporate entity, only an “isolated server holding limited data” from the company’s South African operations. The attack has been claimed by a gang that purports to be operating out of Brazil. The South African technology news website MyBroadband disclosed that the attackers claim to have taken 4GB of files, including the personal information of 54 million South Africans.
Even though South Africa has approximately 60 million people, TransUnion claims on its Facebook page that it “maintains credit data on more than 24 million credit active South Africans.” The hackers, who go by the moniker N4ughtysecTU, claim to have sought a ransom of $15 million. The extortion attempt has been confirmed by TransUnion, but the company stated that it would not pay the ransom amount.
It’s unclear if the hackers used file-encrypting ransomware in the attack or whether they’re just trying to generate money by taking data and threatening to make it public. The hackers claim to have hacked into the networks of many international organizations, including banking institutions and major automobile manufacturers. If confirmed, it’d be the second Brazilian gang to target large corporations. Lapsus$ has claimed responsibility for attacks against NVIDIA, Samsung, Ubisoft, and Vodafone, claiming to have stolen source code in most cases.