2 min read

Hackers demand $15 million ransom from TransUnion after cracking "password" password

Graham CLULEY

March 21, 2022

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Hackers demand $15 million ransom from TransUnion after cracking "password" password

International credit bureau TransUnion says that hackers managed to breach a server operated by its South African division, and gained access to the personal information of individuals.

According to an FAQ published by TransUnion South Africa, the cybercriminals gained access to the sensitive data by using the compromised credentials of one of the company's clients.

The firm says that the exposed data "may include personal information, such as telephone numbers, email addresses, identity numbers, physical addresses, and some credit scores."

As a precaution, TransUnion South Africa took some of its infrastructure offline temporarily while it investigated what had gone wrong.

A Brazilian hacking group calling itself N4aughtysecTU has claimed responsibility for the data breach, and has told the press that it stole 4TB of data, containing the records of 54 million customers.

Embarrassingly, the hackers claim that the account they compromised to gain access to data on TransUnion's server was protected with a password of "password".

N4aughtysecTU sent an extortion demand to TransUnion South Africa that requests R223 million (approximately US $15 million) in cryptocurrency in exchange for not releasing the stolen data.

The hackers have also threatened to access TransUnion's clients with financial demands.

TransUnion South Africa says it will not pay the ransom, and that it has brought in cybersecurity experts to assist in its response to the incident.

In addition, TransUnion has attempted to debunk N4aughtysecTU's claims that 54 million records have been exposed, claiming that those records relate to a 2017 data incident not involving TransUnion.

What TransUnion South Africa isn't saying is just how many individuals may be affected by the breach, or how much data the hackers may have accessed, beyond their generic claim that it believes "the incident impacted an isolated server holding limited data from [its] South African business."

For those victims who have had their data breached it is particularly galling.  They may have little reason to have ever heard of TransUnion South Africa, let done direct business with them. However, companies will have made use of TransUnion’s credit-checking services to determine if consumers should be approved for a loan or allowed to open an account.

TransUnion says it is offering individuals whose personal data may have been affected by the breach a free annual subscription to the TrueIdentity identity protection run by ... err... TransUnion.

Yes, TransUnion had your personal data without your knowledge or permission.  TransUnion suffered a data breach which resulted in that data ending up in the hands of hackers.  TransUnion says you can use its products to protect yourself from identity thieves.

Surely the best protection of all would have been if they hadn't been storing people's data with inadequate security in the first place.

tags


Author



Right now

Top posts

What is medical identity theft and how to protect against it

What is medical identity theft and how to protect against it

July 27, 2022

2 min read
Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

July 07, 2022

5 min read
Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

June 28, 2022

2 min read
Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

June 28, 2022

3 min read
Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021

Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021

June 22, 2022

1 min read
Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data

Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data

May 24, 2022

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Cyberattack Disrupts 7-Eleven Stores in Denmark Cyberattack Disrupts 7-Eleven Stores in Denmark
Alina BÎZGĂ

August 10, 2022

1 min read
Leaky platform at Chinese adult platform exposed sensitive info of 14 million users Leaky platform at Chinese adult platform exposed sensitive info of 14 million users
Alina BÎZGĂ

August 08, 2022

1 min read
America’s Emergency Alert System Is Vulnerable to Hacker Attacks, DHS Warns America’s Emergency Alert System Is Vulnerable to Hacker Attacks, DHS Warns
Filip TRUȚĂ

August 05, 2022

2 min read