University of Johannesburg centre for cybersecurity director Basie von Solms suspects a couple he knows lost nearly R100,000 due to the TransUnion data breach.
Speaking to Sunday paper Rapport, Von Solms said the cybercriminal had a trove of information about the couple.
The attacker used this information to convince the pair that he was a representative from their bank trying to block fraudulent transactions.
Von Solms said the pair knew they shouldn’t provide any passwords over the phone, but the thief succeeded in gaining their trust.
The criminal kept them busy for an hour, telling them the balances in their accounts and details about their private contracts.
Von Solms said the couple couldn’t believe the conman wasn’t someone from their bank afterwards.
Based on their experience, Von Solms advised that South Africans should immediately end a call with anyone claiming to be from their bank, then call the bank yourself.
He said you shouldn’t speak with the person. If they are a con-artist, the more they talk, the more they will convince you to trust them.
In March, a hacking group calling themselves N4ughtySecTU claimed to have breached TransUnion’s systems and threatened to leak four terabytes of data if the credit bureau didn’t pay a $15-million (R242-million) ransom.
TransUnion later confirmed that the attackers had exfiltrated the personal data of 3 million customers, which included:
- ID numbers
- Dates of birth
- Contact details
- Marital status and information
- Identities of employers and durations of employment
- Vehicle finance contract numbers and VINs
Another 6 million ID numbers were exposed that had no personal information linked.
The credit bureau denied the hacking group’s claims that it had obtained data on 54 million South Africans from its systems. It said the attackers had obtained that data from an earlier leak.
In addition to a Home Affairs database of 54 million ID numbers and address data, N4ughtySecTU said it had obtained data belonging to a list of companies, including car dealerships, vehicle tracking services, and various financial services providers.
These include major banks, insurance companies, and medical aids.
Later, the attackers leaked a Cell C customer database and an ANC members’ database.
Information regulator chair Advocate Pansy Tlakula told Rapport that they don’t have jurisdiction to investigate how stolen data is misused.
Tlakula explained their investigations were limited to finding out whether sufficient security measures were in place to protect data and if data was leaked due to negligence.
Her comments follow the disclosure from Dis-Chem that nearly 3.7 million client records were compromised due to a ransomware attack on a third-party service provider.
The breach contained first and surnames, e-mail addresses, and cellphone numbers according to Dis-Chem.