A Brazilian hacker group has breached TransUnion’s South African branch, where it stole sensitive data of over 4TB, and now demanding ransom.
TransUnion declined to pay the ransom and said it will notify the affected individuals and offer free identity protection services instead. Further, the company said it was investigating the incident further and informed the country’s law enforcement.
TransUnion Data Breach
On Friday, the American consumer credit reporting giant TransUnion revealed a data breach incident at its South African branch, where an unknown third party has stolen sensitive data contained in it. Assuring that other branch offices in the Africa region are safe, TransUnion has initiated an investigation through digital forensics and cybersecurity experts.
Also, it claims to have informed the country’s regulators and law enforcement. Promising that it will inform the affected individuals of this incident, TransUnion said it won’t pay ransom to the hackers, instead offering the impacted people free identity protection products.
While to BleepingComputer, a Brazilian hacker group named N4ughtysecTU claimed responsibility for this hack. They said to have breached one of the SFTP servers of TransUnion South Africa, which was poorly secured.
Hackers said they were able to brute force the concerned server so easily since it was guarded by a password as “Password“. This led them to exfiltrate over 4TB of sensitive data from TransUnion’s South African branch, which contains data of nearly 54 million people!
With this in hand, the N4ughtysecTU group demanded about $15 million worth of Bitcoin from TransUnion. But since the company denied it, the hacker group is now threatening to leak the stolen data.
But, it’s also offering the clients of TransUnion an offer of excluding them in the leak, if they can personally pay up the ransom for this. According to reports, the high-value business clients are demanded about $1 million, while the smaller ones are demanded $100,000.
Other Trending News:- News