The South African branch of TransUnion, the American consumer credit reporting agency, has been hacked.
According to ITWeb, a hacker group breached TransUnion's security and is demanding $15 million, or roughly R223 million, in Bitcoin within the next week. If the ransom is not paid, the perpetrators are threatening to exploit or release the 4TB of confidential information of some 54 million South Africans. That includes, but is not limited to, contact info, ID numbers, banking details, and credit scores.
TransUnion has confirmed the attack and, in a statement to ITWeb, said, “We have received an extortion demand and it will not be paid.”
‘password’ is not a good password
According to ITWeb, the hacker group, which calls itself N4ughtySec and claims to operate out of Brazil, contacted ITWeb’s news editor via Telegram. The group claimed it had first gained access to TransUnion’s systems in 2012 without detection.
They were able to do this by abusing an authorised client’s credentials. The group claims the password used was “Password”. Someone’s getting fired for that. The group also claims to have contacted TransUnion CEO Lee Naik via his personal cellphone. The group pulled the number from the data it had access to.
In its statement to ITWeb, TransUnion said after learning about the incident it immediately suspended the compromised account. It also contacted cyber security and forensic experts, and launched an investigation. It also took some of its systems offline, just to be safe, but they have since been reinstated. That’s great, TransUnion, but it might be a little late for any of that.
The company said it would notify and offer assistance to clients whose personal data was involved in the leak. So, pretty much everyone. That will take the form of identity protection products TransUnion will make available for free.
How does it feel to have your data leaked?
If you think your data is among the 54 million compromised records, you’re probably right. If this makes you question your password choices, that’s good. We’ll wait while you download a password manager and change them all to random 32-character strings of capitals, lowercase letters, numbers, and special characters.
Here are some decent options: