Photo: Pixabay

TransUnion: 3 million South Africans affected by massive data hack

South Africa’s largest credit bureau, TransUnion confirmed that data of at least 3 million South Africans was captured during the data hack.


Photo: Pixabay

South Africa’s largest credit bureau, TransUnion has confirmed that at least 3 million South Africans are impacted by the massive data hack by an international group N4aughtysecTU. 

Last weekend, TransUnion confirmed that a “criminal third party” gained access to one of its servers. Over 4 terabytes of data were stolen, this includes ID numbers and other personal information. 


This week, the group leaked Cell C and ANC databases as proof that they have information of over 54 million South Africans. 

TransUnion is adamant that hackers targeted an isolated server , holding limited data on South African clients.

The credit bureau previously said that hackers have aggregated data, including the details of 54 million South Africans from a previous leak in 2017, unrelated to the latest incident. Hence it said it won’t pay the R223 million ransom. 

On Saturday, 26 March. TransUnion said based on its latest investigations, detailed information of at least 3 million South Africans was captured in the hack. 

“At this time TransUnion South Africa can confirm at least three million impacted consumers. We continue to work diligently to determine whether (the six million additional) ID numbers can be linked to other personal information to identify any additional impacted consumers.”



On Friday, 25 March, the Information Regulator said the response submitted by TransUnion was inadequate and fell short of what is required by the Protection of Personal Information Act (POPIA).

“The notification does not provide sufficient details nor remedy to the millions of data subjects, people about whom the personal information relates, whose personal information has been compromised by the TransUnion security compromise.

“It omits critical information that provides assurance on how the matter is managed. The report neither provides detail on how the credit bureau will mitigate the subsequent risks nor information on how the credit bureau will remedy this crisis. This leaves the Regulator extremely concerned regarding the adequacy of safeguards at TransUnion for the protection of personal information as is required in terms of POPIA.” 

Information Regulator

ALSO READ: Information Regulator slams hacked credit bureau’s mitigations