Credit bureau TransUnion has confirmed that customer data is at risk following a recent security breach..
The company says a criminal third party obtained access to a TransUnio”We have received an extortion demand and it will not be paid,” TransUnion says in a statement issued this afternoon (18 March)n South Africa server through misuse of an authorised client’s credentials.
“Immediately upon discovery of the incident, TransUnion South Africa suspended the client’s access, engaged cybersecurity and forensic experts, and launched an investigation,” it continues.
“As a precautionary measure, TransUnion South Africa took certain elements of our services offline. These services have resumed.”
It is believed that the incident impacted an isolated server holding limited data from TransUnion’s South African business. “We are working with law enforcement and regulators,” the company adds.
“We are engaging clients in South Africa about this incident. As our investigation progresses, we will notify and assist individuals whose personal data may have been affected.”
The company will make identity protection products available to impacted consumers free of charge.
“The security and protection of the information we hold is TransUnion’s top priority,” says Lee Naik, CEO TransUnion South Africa.
“We understand that situations like this can be unsettling and TransUnion South Africa remains committed to assisting anyone whose information may have been affected.”
Manie van Schalkwyk, CEO of the Southern African Fraud Prevention Service (SAFPS), comments: “This alarming news is further indication that every company that holds personal information is a potential target.
“The consumer desperately needs an extra layer of protection on their identity against criminals who will turn their lives upside down without a second thought.
“How significant is the risk? It is estimated that there are 17-billion cyber attacks that take place around the world every day, not all being successful,” he adds.
Van Schalkwyk points out that the TransUnion breach is concerning as the records of 54-million South Africans may have been compromised.
“In a country where identity fraud is common practice, this is extremely concerning. It is critical that consumers act now before significant fraud is unknowingly committed on their behalf. The last significant data compromise in 2020 where more than 20-million records were compromised with another credit bureau, the SAFPS saw a rise of impersonation of more than 300%,” he adds.
Over the past two years, South African companies have been reporting that they have been victims of cyber attacks and data breaches. Some of these breaches included the compromise of personal information of consumers.
“Data breaches have been on the rise globally and South Africa has seen unprecedented increases in the number of cyber victims,” says Dalene Deale, executive head of Secure Citizen.
Secure Citizen was created through a collaboration with SAFPS and OneVault in response to a rapid growth in identity theft following online fraud. “Fraudsters do not discriminate. As we continuously move towards the adoption of a digital and more importantly ‘touchless’ era, the platform for fraud increases,” Deale says.
“Fraud is a fraudster’s business and they often use the same business tactics we use in legitimate business, the difference being that they don’t have customers, they have victims. Thanks to an increase in data breaches, fraudsters are motivated and armed with the correct information, meaning that are very capable of impersonating an individual. The impacts of this are catastrophic.”