TransUnion hacked and held to ransom. Is your personal information at risk?

On Friday, 18 March, TransUnion announced that their systems had been hacked and were being held to ransom. As one of the largest credit bureaus in the world, this breach includes 54 million records of personal information.

The Southern African Fraud Prevention Service (SAFPS) said that although TransUnion was trying to retrieve the compromised data, their efforts appeared to be unsuccessful.

It appears that the criminals gained access to the South African business data server by using the login credentials of one of their clients.

The announcement mentioned that they had received an extortion demand from a criminal third party and that they were not going to pay the ransom amount.

According to Lee Naik, TransUnion’s CEO protecting client data is their “top priority” and they are committed to helping everyone whose information might have been affected.

Data breaches of this sort are not uncommon. In fact, there are many data breaches every month and we only hear of a few. Many companies don’t realise that their data has been compromised and others try to resolve the issue before it is discovered, in order to prevent brand reputation risk.

Covid-19 caused an increase in digital usage as people had to work, shop and go to school online during the lockdowns. This massive uptake in internet usage was the perfect storm for hackers to take advantage and in 2020 another credit bureau, Experian was hacked. In this attack, 24 million South African records were stolen.

Banks have also been targeted and Absa announced two breaches. One was in November 2020 and the second was in 2022. Standard Bank announced that their LookSee platform was breached. The announcement was made in November 2021 – 18 months after the breach had occurred.

Criminals have used this personal information to commit identity theft and impersonation crimes have risen by 300%.