South African residents are at a high risk of having their personal details exploited by malicious actors, according to research from Surfshark.
The study ranked South Africa sixth in the world when it comes to the nations most threatened by cybercrime, but its numbers are relatively low compared to the UK and the US.
The methodology behind the study included assigning figures for cyber threats, financial losses, and probability points to determine how likely residents of a country are to have their exposed data accessed and used maliciously.
South Africa’s figure of 52 victims per one million Internet users is around 92 times lower than that of the UK, which has 4,783 victims per one million internet users, and about 29 times lower than that of the US.
Surfshark said it used FBI data to develop its index.
It lists South Africa seventh in terms of the number of cybercrime victims — behind France. (The FBI also ranks the Netherlands lower than Surfshark.)
South Africans’ details have been exposed on numerous occasions in recent years.
The South African division of US-based consumer credit bureau TransUnion suffered an attack that exposed customer details, including telephone numbers, email addresses, identity numbers, and physical addresses.
The company revealed that the breach impacted approximately three million consumers and 600,000 businesses.
It stated that a criminal third party had gained access to its servers by misusing an authorised customer’s credentials.
TransUnion confirmed that the data included ID numbers, date of birth, gender, telephone number, email address, physical address, marital status, employer, duration of employment, vehicle finance contract number, and vehicle identification number.
N4ughtySecTU — the group that claimed responsibility for the attack — alleged it had acquired 4TB of data that included a database of 54 million South Africans. TransUnion received a ransom demand of $15 million (R237 million), which it refused to pay.
Although TransUnion claims the attacker exfiltrated 3.6 million records from its systems, N4ughtySecTU said it obtained several databases.
These include an ANC member database, a Cell C customer database, and TransUnion’s own customer database for its identity protection product.
Department of Justice ransomware attack
Director-general advocate for the DoJ, Doctor Mashabane, said the compromised files could include the names, banking details and contact details of the department’s clients.
MyBroadband was told by a source close to the issue that the attackers had demanded a ransom of 50 Bitcoin (R31 million) to remove the encryption. The DoJ denied that it had received ransom demands.
The attack disrupted the department’s electronic services, including the Master’s office. It affected bail services, letters of authority, email, and the DoJ website. Its systems only began returning to service a month after the breach occurred.
Transnet ransomware attack
Transnet was the victim of a cyberattack that forced the company to declare force majeure at container terminals and adjust to the manual processing of cargo.
South Africa’s port and rail company appeared to have been hit by a similar strain of ransomware linked to a chain of high-profile data breaches likely carried out by cybercriminals from Eastern Europe and Russia.
A ransom note left by the attackers claimed they had encrypted Transnet’s files, including a terabyte of personal data, financial reports and other documents.
As with many ransomware attacks, it also directed Transnet to a dark web chat portal to negotiate with the hackers. Public enterprises minister Pravin Gordhan later revealed that no ransom had been paid during a media update in August 2021.
In August 2020, the South African Banking Risk Centre (Sabric) revealed that Experian had suffered a data leak.
Several of South Africa’s prominent banks are Experian clients. As a result of the leak, the personal banking-related information of 24 million South Africans and 793,749 businesses were exposed.
It was not long before the exposed data was posted online, and re-leaked on Telegram.