South Africa credit bureau breached, data reportedly held for $15M ransom

South Africa tech news site ITWeb reported that a group calling itself N4aughtysecTU is taking responsibility.
Johannesburg, South Africa, Sandton financial district
The Sandton financial district of Johannesburg, South Africa. (Getty Images)

One of the top credit bureaus in South Africa has suffered a data breach, and the hackers are demanding about $15 million in ransom, according to news reports.

The country’s arm of TransUnion confirmed Thursday that “a criminal third party obtained access to a TransUnion South Africa server through misuse of an authorised client’s credentials.” The company said the ransom demand “will not be paid.”

South African news site ITWeb reported that a group calling itself N4aughtysecTU, which claims to be be based in Brazil, is taking responsibility.

“We are N4ughtySec Group hackers. We have hacked TransUnion South Africa since 2012,” the group claimed in a Telegram chat with ITWeb. There were no details about the group’s attack, although it claims TransUnion used a weak password in one part of its network.


“We have over 4TB of all their customers’ information. The information includes over 200 corporate companies,” the purported cybercriminals said. “We have been in contact with TransUnion and they have been given our ransom demands. They were alerted on Friday, the 11th March 2022.”

ITWeb said the hackers are asking for bitcoin worth about 223 million in South African rand, or about $15 million.

Johannesburg-based TransUnion said it notified authorities and is working with cybersecurity experts to respond to the breach.

“We believe the incident impacted an isolated server holding limited data from our South African business,” TransUnion said. “We are working with law enforcement and regulators.”

The company posted a Q&A for South African consumers on its FAQ page. TransUnion provides credit bureau services in more than 30 countries.


In 2020, the South Africa division of credit bureau Experian was breached when someone posing as a client tricked the firm into handing over information about hundreds of thousands of people. A suspect was arrested in September 2021.

Latest Podcasts