Avatar photo

By Faizel Patel

Senior Digital Journalist

Hackers threaten to leak every South African’s private financial data in R1.1 billion ransom

The hacker, the Brazil-based N4ughtySecTU Group, which has hacked TransUnion before says it has again bypassed the organisation’s firewalls

Hackers have threatened to leak every South African’s private financial data unless two of the country’s largest consumer credit reporting agencies, TransUnion and Experian pay a sum of R1.1 billion in ransom.

TransUnion and Experian, may have been hit by a fresh data cybercrime attack, which could expose South Africans financial and personal data.


The hackers, the Brazil-based N4ughtySecTU Group, which has hacked TransUnion before said it had again bypassed the organisation’s firewalls and security and managed to get away with the data, according to Times Live.

The hackers demanded $30m [about R565m] from TransUnion and $30m from Experian.

“Ensure your response teams contact us on Session [a private communication platform] for payment instructions,” they said in the message sent to senior managers and directors at both organisations.

ALSO READ: President Cyril Ramaphosa’s personal financial information hacked

No hack

TransUnion and Experian confirmed the demands, and both disputed the group’s claims of an ongoing hack on their systems.

“Following recent media coverage, TransUnion South Africa confirms it is aware of a financial demand from a threat actor asserting they have accessed TransUnion South Africa’s data. We have found no evidence that our systems have been inappropriately accessed or that any data has been exfiltrated.

“We’ve likewise seen no change to our operations and systems in South Africa related in any way to this claim. We are continuing to monitor closely. We treat matters regarding our information security seriously, and data security remains our top priority,” TransUnion said.

Not the first time

In March 2022, N4ughtysecTU claimed responsibility for the ransomware attack on TransUnion.

As part of their investigation to TransUnion South Africa confirmed that at least three million consumers were be impacted.

The consumer agency said hackers gained access to the personal records of 54 million people containing data such as ID numbers, dates of birth, gender, contact details, marital status and other information.

Experian made headlines in August 2020, after it experienced a data breach that was first reported by the South African Banking Risk Centre (Sabric).

The hack exposed the personal information of as many as 24 million South Africans and 793 749 business entities to a fraudster.

In March, Experian data fraudster Karabo Phungula was sentenced to 15 years in prison by the Specialised Commercial Crimes Court after he obtained the dataset under false pretences.

Ramaphosa hack

President Cyril Ramaphosa has also come under attack.

In May last year, a hacking group called SpiderLog$ obtained the details of a loan Ramaphosa took out from one of South Africa’s top four banks in the 2000s.

SpiderLog$ used Ramaphosa’s data to draw attention to glaring vulnerabilities in South African security systems, especially those used in government departments including defence and state security.

SpiderLog$ supplied screenshots to the paper proving they could access sensitive military and intelligence data.

The SpiderLog$ hackers said South Africa was a “playground for hackers” and apart from top political figures, the Department of Defence (DoD) and the State Security Agency (SSA) which hold some of South Africa’s most sensitive and military information have also been targeted.

ALSO READ: An estimated three million customers affected by TransUnion breach

Read more on these topics

Cybercrime hackers ransom