Financial Data Security | Hackers

Hackers Claim Massive Financial Data Compromise

Millions of South Africans rely on the credit bureaus TransUnion and Experian to calculate their credit scores and give them access to financing from banks and other lenders. In a shock announcement, a Brazilian hacking group known as N4ughtySecTU declared that it had compromised the entire database of both credit bureaus and taken control of every South African financial services customer’s details as a result.

Let’s take a look at the validity of this claim, find out how Experian and TransUnion are responding to it, and discuss what this means for financial data security in the sector.

SA’s confidential credit information hacked – again

The financial industry, which has a responsibility to keep the data of millions of credit customers safe, is constantly on the alert for a nightmare scenario in which the entire system and its data falls into the hands of cybercriminals. In late November, hackers, allegedly affiliated with N4ughtySecTU, claimed that they had done exactly that

The group reached out to local journalists and made several online posts to the effect that it had captured the cumulative information of all South African credit users. They then demanded an eye-watering ransom of $60 million, failing which the data would be released on the dark web.

The claim made headlines and sent shockwaves through an industry which had just been recovering from an attack by the same group in which TransUnion’s database was compromised. The privacy of millions of South African customers was compromised in the attack, with hackers going so far as to steal President Cyril Ramaphosa’s private details.

Credit bureaus fail to confirm a cyberattack, ransom amount may be unpayable

Neither Experian nor TransUnion have confirmed that a large-scale cyberattack took place at all.

As many experts have pointed out, the enormous ransom amount being demanded – which exceeds R1 billion at the current dollar exchange rate – would be nearly impossible to pay, even if the story turned out to be true.

This has led to speculation that the ransom demand is simply an online scam designed to scare the bureaus into paying “hush money” to the hacker group.

Spotlight remains focused on cybersecurity in the financial sector

While this story evolves, cybersecurity experts in the financial industry will be reviewing their security measures to ensure that a similar attack – be it real or fake – doesn’t affect the banking and insurance sector in the future.

  • As a bank and credit customer, you may not have full control over how your information is handled by credit bureaus – but you can take proactive steps to guard both your own sensitive data and that of your clients.
  • It’s essential to confirm all correspondence from the bank – including banking app sign in messages – to guarantee that they’re genuine. When in doubt, call your branch for assistance.
  • If you receive a message saying that your personal data has been compromised, treat it with suspicion too. Contact the sender by Googling their official phone number and don’t respond directly to the number or email address that the message was sent from.
  • Business owners should note that failure to protect client data can result in a major violation of the PPI Act, with potential fines running into millions of Rands.
  • Maintaining multiple copies of data and ensuring that at least one is backed up in the cloud using secure encrypted storage is essential for every business today.

Don’t let cybercrime concerns prevent you from doing business in 2024. Our range of secure cloud storage packages are the ideal way to level up your data security.