TransUnion South Africa announced that threat actors compromised a company server based in South Africa using stolen credentials. The attackers stole company data and demanded a ransom payment in exchange for not releasing it.
As a precautionary measure, the company temporarily took part of its infrastructure offline.
“A criminal third party obtained access to a TransUnion South Africa server through misuse of an authorised client’s credentials. We have received an extortion demand and it will not be paid,” reads the statement published by the company.
TransUnion notified law enforcement and the country’s regulators.
The company has declared that it will not pay the ransom and has hired cybersecurity and forensic experts to investigate the extent of the security breach.
The company believes the security breach only impacted an isolated server holding limited data from its South African business.
“We are engaging clients in South Africa about this incident. As our investigation progresses, we will notify and assist individuals whose personal data may have been affected. We will be making identity protection products available to impacted consumers free of charge,” continues the statement.
“The security and protection of the information we hold is TransUnion’s top priority”, said Lee Naik, CEO TransUnion South Africa. “We understand that situations like this can be unsettling and TransUnion South Africa remains committed to assisting anyone whose information may have been affected.”
BleepingComputer reported that the Brazilian cybercrime group “N4ughtysecTU” has claimed responsibility for the attack and allegedly stole 4TB of data.
The attackers claim to have hacked a poorly secured TransUnion SFTP server and stolen data related to 54 million customers.
The group told BleepingComputer that it conducted a brute force attack on the SFTP server and breached an account using the password “Password.”
(SecurityAffairs – hacking, Data breach)