Crooks claims to have stolen 4TB of data from TransUnion South Africa

TransUnion South Africa discloses a data breach, threat actors who stolen sensitive data, demanded a ransom payment not to release stolen data.

TransUnion South Africa announced that threat actors compromised a company server based in South Africa using stolen credentials. Threat actors have stolen company data and demanded a ransom payment not to release stolen data.

As a precautionary measure, the company temporarily took part of its infrastructure offline.

“A criminal third party obtained access to a TransUnion South Africa server through misuse of an authorised client’s credentials. We have received an extortion demand and it will not be paid.” reads the statement published by the company.

TransUnion notified law enforcement and the country’s regulators.

The company has declared that it will not pay the ransom and hired cybersecurity and forensic experts to investigate the extent of the security breach.

The company believes the security breach only impacted an isolated server holding limited data from South African business.

“We are engaging clients in South Africa about this incident. As our investigation progresses, we will notify and assist individuals whose personal data may have been affected. We will be making identity protection products available to impacted consumers free of charge.” continues the statement.

“The security and protection of the information we hold is TransUnion’s top priority”, said Lee Naik, CEO TransUnion South Africa. “We understand that situations like this can be unsettling and TransUnion South Africa remains committed to assisting anyone whose information may have been affected.”

BleepingComputer reported that the Brazilian cybercrime group “N4ughtysecTU” has claimed responsibility for the attack and allegedly stolen 4TB of data.

The attackers claim to have hacked a poorly secured TransUnion SFTP server and stolen data related to 54 million customers.

The group told BleepingComputer that conducted a brute force attack on the SFTP server and breached an account using the password “Password.”

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Data breach)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.