Cape Town — TransUnion has confirmed that a criminal third-party obtained access to its South African server through misuse of an authorised client's credentials.
"We have received an extortion demand and it will not be paid," the company said.
A Brazilian hacker group, N4aughtysecTU, has claimed responsibility and said it gained access to millions of South Africans' ID numbers, banking details, and credit scores.
TransUnion says immediately upon discovery of the incident, it suspended the authorised client's access, engaged cyber security and forensic experts, and launched an investigation.
The group has reportedly given TransUnion seven days to pay the ransom in bitcoin.
The statement reads;
A criminal third party obtained access to a TransUnion South Africa server through misuse of an authorised client's credentials. We have received an extortion demand and it will not be paid.
Immediately upon discovery of the incident, TransUnion South Africa suspended the client's access, engaged cybersecurity and forensic experts, and launched an investigation. As a precautionary measure, TransUnion South Africa took certain elements of our services offline. These services have resumed. We believe the incident impacted an isolated server holding limited data from our South African business. We are working with law enforcement and regulators.
We are engaging clients in South Africa about this incident. As our investigation progresses, we will notify and assist individuals whose personal data may have been affected. We will be making identity protection products available to impacted consumers free of charge.
"The security and protection of the information we hold is TransUnion's top priority", said Lee Naik, CEO TransUnion South Africa. "We understand that situations like this can be unsettling and TransUnion South Africa remains committed to assisting anyone whose information may have been affected."
The U.S. company has a presence in more than 30 countries around the world.