TransUnion hackers "invite" banks, other companies to pay "insurance" fee

[Jan]

TransUnion hackers demand R224-million ransom — threaten to leak Absa, FNB, Standard Bank data

The South African division of US-based consumer credit bureau TransUnion has suffered a ransomware attack.

In a statement on Thursday, the company acknowledged that a third party had gained access to one of its servers through misuse of an authorised client's credentials.

 

[ShaunSA]

TU can pay up

 

[Kawak]

Basically, almost everyone in SA is in the possible leak, even TU can't be trusted, and they have some seriously private and sensitive data, WTF?

 

[R13...]

Don't TU already sell our data to spammers? Not sure how this is different for us "long suffering consumers".

 

[Enzo Matrix]

Ok so our data has been leaked for the tenth time. Lost count by now

So what does it matter

 

[LinuxMan]

No man:

According to N4ughtysecTU, the user’s password was “password”.

The group had demanded a $15-million (R224.4 million) ransom to return the data.

 

[RandomGeek]

"password". FFS people...

 

[EL'Diablo]

thanks IT guys at Capitec

 

[Jet-Fighter7700]

South Africa seems to be a easy target for these hackers, first Eskom root access and now TU,
maybe somebody will next post Cyrils email love letters to Putin?

 

[My_King]

Uhm uhm

Someone please place the hackers under a NDA, very effective

 

[Corelli]

Is it my imagination, or does it all seem to be vehicle finance and insurance related?

So I bought my car cash. At worse I will be clipped for insurance but they dont have my bank there either.

The problem with these large central databases are that they are prone to attack.

The largest leak was an estate agency pulling in house ownership information including people's financial info, loans outstanding and all PPI information.

Pay the ransom, the fine is about R100 million for a leak per bank or so.

 

[ToxicBunny]

Is it my imagination, or does it all seem to be vehicle finance and insurance related?

So I bought my car cash. At worse I will be clipped for insurance but they dont have my bank there either.

The problem with these large central databases are that they are prone to attack.

The largest leak was an estate agency pulling in house ownership information including people's financial info, loans outstanding and all PPI information.

Pay the ransom, the fine is about R100 million for a leak per bank or so.

Ummm yes they do have your bank, because they know which bank you pay from but regardless Trans Union have all of those details anyway so you are SOL, plus they have your ID number so can trawl the data from Home Affairs and build whatever profile they need.

And how does paying the ransom protect the banks at all? The ransom only applies to TU.

 

[neoprema]

This is always going to be a problem when the fact that your data can be sold for profit trumps the effort and spend to secure it.

Transunion is only a custodian of this data to re-sell it somehow for money. Exploit that and you find your way in ala Experian style...

 

[lkswan747]

Ok so our data has been leaked for the tenth time. Lost count by now

So what does it matter

With all the data leaks, it means that if you haven't had your identity stolen as of today, chances are your ID is not worth stealing.

 

[Willie Trombone]

This is a bit unfair MyBB



Why include Nedbank and Capitec if they're not on the list?
*EDIT* I see they are on the list, just not mentioned in the headline?

As for data from 54 million South African customers stolen, that's our entire population.

 

[EL'Diablo]

This is a bit unfair MyBB

View attachment 1272884

Why include Nedbank and Capitec if they're not on the list?
*EDIT* I see they are on the list, just not mentioned in the headline?

As for data from 54 million South African customers stolen, that's our entire population.

why was i thinking of this while looking at your picture,

 

[mpdjhb]

This is always going to be a problem when the fact that your data can be sold for profit trumps the effort and spend to secure it.

Transunion is only a custodian of this data to re-sell it somehow for money. Exploit that and you find your way in ala Experian style...

This - hackers working in small groups who do not have a million costs related to regulatory compliance can more easily afford to spend time hacking you than you could ever hope to spend on securing it in the first place.
Its a completely asymmetrical fight.

 

[Mystic Twilight]

Well now someone can impersonate you while calling the bank, they have all the answers to the kyc authentication questions.

 

[Syphonx]

In a statement on Thursday, the company acknowledged that a third party had gained access to one of its servers through misuse of an authorised client’s credentials.

If the password really was "password". It is not misuse of credentials, it is pure incompetence from TU. They should be fined just for using/allowing that password.

 

[Pak Fa Fui]

This is a bit unfair MyBB

View attachment 1272884

Why include Nedbank and Capitec if they're not on the list?
*EDIT* I see they are on the list, just not mentioned in the headline?

As for data from 54 million South African customers stolen, that's our entire population.

Why did you react like this for capitec and nedbank?