TransUnion databases

Photo via: Pixabay

TransUnion SA hacked: Credit bureau confirms ‘extortion demand’

TransUnion SA confirmed the breach of its servers. A Brazilian hacker group has claimed responsibility and said it gained access to millions of South Africans’ ID numbers, banking details and credit scores.

TransUnion databases

Photo via: Pixabay

TransUnion South Africa confirmed that a “criminal third party” gained access to one of its servers. A hacker group has reportedly claimed responsibility for the hack and the company said it will not meet their ransom demands.


TransUnion, which is one of the country’s largest credit bureaus, said the hackers gained access to its server through misuse of an authorised client’s credentials.

The American company has a presence in more than 30 countries around the world.

“We have received an extortion demand and it will not be paid,” said the company in a statement on Thursday.

The credit bureau said it immediately suspended the client’s access once the hack was discovered. It also reached out to cybersecurity and forensic experts. An investigation is underway.

“As a precautionary measure, TransUnion South Africa took certain elements of our services offline. These services have resumed,” said the bureau.

“We believe the incident impacted an isolated server holding limited data from our South African business. We are working with law enforcement and regulators.”

TransUnion said clients whose personal data may have been compromised in the hack will be notified and assisted as the investigation progresses.

“We understand that situations like this can be unsettling and TransUnion South Africa remains committed to assisting anyone whose information may have been affected,” said TransUnion SA CEO, Lee Naik.


Local technology publication ITWeb broke the story on Thursday, 17 March. It said a Brazilian hacker group by the name of N4aughtysecTU claimed responsibility for the hack and alleged that it accessed the personal records, including credit scores, banking details and ID numbers, of millions of South Africans.

N4aughtysecTU is reportedly demanding a $15 million ransom (R224m) from TransUnion for over four terabytes of data.

“If they don’t pay, we will attack all their corporate clients,” said the group to ITWeb via Telegram.

The group has reportedly given TransUnion seven days to pay the ransom in bitcoin.