An estimated three million customers affected by TransUnion breach

As part of their ongoing investigation to the recent data breach at TransUnion South Africa, the credit bureau says it can confirm at least three million consumers could be impacted.

TransUnion made the confirmation in a recent statement addressing the cyber incident that saw a group hack TransUnion servers and gain access to the personal records of 54 million people containing data such as ID numbers, dates of birth, gender, contact details, marital status and information. 

The identity of people’s employers, their duration of employment, their vehicle finance contract numbers, and VIN numbers may also be contained in the data set. 

“Based on our investigation to date, we believe that the incident impacted an isolated server holding limited data from our South African business. We believe that the 54 million records relate to a 2017 data incident unrelated to TransUnion,” said the credit bureau in a statement.

“At present, we have no evidence to suggest this incident extends further than Africa.”

What happened to TransUnion South Africa?

According to reports, a server belonging to the South African arm of the global agency was accessed by a “criminal third party” identified as N4aughtysecTU, a group that claims to be from Brazil.

The group is said to have accessed the server through the misuse of an authorised client’s credentials. 

The hacker group reportedly gained access to four terabytes of data and demanded a ransom of $15 million (about R223 million).

N4aughtysecTU – which is another Telegram-using and [possibly] Brazil based extortion operation – claims to have rediscovered data from the 2020 Experian South Africa breach and is demanding $7.5 million to avoid it being (re)leaked. 1/2 pic.twitter.com/K0cEdLPk25

— Brett Callow (@BrettCallow) March 23, 2022

TransUnion South Africa refused to give in to the hackers’ demands and explained that this decision was led by the belief that acceding to N4aughtysecTU’s extortion demand “would only provide them and other bad actors with an incentive to continue attacking consumers and extorting businesses.”

TransUnion South Africa also said they have identified an additional six million ID numbers that were accessed during the breach. 

“There is no personal information linked to the ID numbers that would enable us to identify the impacted consumers or to communicate with them directly at this stage.

We continue to work diligently to determine whether these ID numbers can be linked to other personal information to identify any additional impacted consumers,” added the credit reporting agency.

TransUnion is still investigating who has been impacted and has provided a notification and answers to frequently asked questions (FAQs) on their website in an effort to assist consumers.

Both of these resources are available at: https://www.transunion.co.za/customer-support/faq.

How can I find out if I was affected by the TransUnion data breach?

At this stage, TransUnion is said to be directly contacting by email or text the individuals they know to be impacted, where contact information is available.

If anyone is uncertain of the legitimacy of communication that appears to come from TransUnion, the agency recommended visiting their website and making use of their FAQ section. 

What is TransUnion doing to help affected customers?

The credit agency said that it is providing information on how affected individuals can protect themselves, including a free annual subscription to TransUnion’s tools to detect identity-related threats, as well as free access to their credit report and alerts up to 31 December 2023.

Regarding the security of the data they hold, the credit reporting agency says it has implemented “additional security measures” across its IT infrastructure and engaged a third-party expert to assess its security protocols.

READ NEXT: Information regulator ‘extremely concerned’ with TransUnion security

Compiled by Kaunda Selisho