Hackers gain access to financial information for a large number of South Africans
03 Nov 2024 at 12:46hrs
Attackers claiming to be from N4ughtySec, a cyber extortion gang that took responsibility for an attack on TransUnion in March 2022, have said that they have infiltrated most of South Africa's banks.
A spokesperson for the group contacted MyBroadband on Thursday with the explosive claim that they gained access by breaching credit bureaus TransUnion, Experian, and XDS.
"We have been hard at work rolling out our promises," N4ughtySec stated.
"We have entered the systems of the credit bureaus we successfully hacked and used the compromised data sets and backend systems to attack the South African Government and RSA organizations," they continued.
"We did warn TransUnion that failure to pay our ransom would result in ultimate destruction. We are deeply infiltrated into the governments and bank systems."
When the group first attacked TransUnion and exfiltrated the data of several million South Africans, they had demanded a $15-million (R224 million at the time) ransom in cryptocurrency to return the data.
TransUnion refused to pay, saying that was the best practice advice from government and third-party cybersecurity experts.
"Acceding to the criminal third party's extortion demand would only provide them and other bad actors with an incentive to continue attacking consumers and extorting businesses," the company said.
They said there was also no guarantee the hackers wouldn't leak the data anyway.
It is interesting to note that the hacking group operated under the name N4ughtySecTU two years ago.
The group that emerged to take responsibility for a new wave of attacks a year later uses the name N4aughtySecGroup.
When TransUnion refused to pay in 2022, N4ughtySecTU posted the data they had stolen online and disappeared.
N4aughtySecGroup emerged in 2023, demanding a $30-million (R530 million) ransom each from TransUnion and Experian and threatening to leak all their client data if they did not pay.
The group said they never left South Africa and had retained constant access to TransUnion and Experian's systems.
Speaking to MyBroadband, the group made no financial demand this time.
"We are into most of your country's banks. We have tested all the vulnerabilities and we accessed the banks serviced by TransUnion, Experian, and XDS," they said.
"We will not stop until we receive an apology, and for the institutions we have hacked to admit the security flaws and the data and systems we have accessed. We did warn them."
The spokesperson said it also wasn't just the banks they could access via the credit bureaus.
"We have over 80 access points on their backends. We have infiltrated the customers the credit unions service, including your government," they said.
"They have left the systems unprotected. They will now suffer."
Testing N4ughtySec's claims
As proof of their claims, N4ughtySec showed the personal data they had obtained of two MyBroadband journalists.
MyBroadband did not provide them with any information about the journalists to aid the search. N4ughtySec found the data using only their first name or nickname and surname.
They returned with details about loans, including balances current as of a few months ago, credit cards, and other financial data.
This was in addition to the basic personally identifying information needed to look up this information, such as full names and ID numbers. They also had the journalists' home addresses.
The hackers were able to demonstrate that the data they had was current as of 2024.
For example, their data included the insurance company and policy number linked to one journalist's vehicle. He had moved to this insurance company just a few months ago.
TransUnion and XDS respond
MyBroadband contacted TransUnion, Experian, and XDS for comment.
"The security of the data we hold is top priority. We constantly monitor our systems and remain vigilant against any potential threats," TransUnion said.
"We have found no recent evidence that our systems have been inappropriately accessed."
XDS said that although it had not detected a breach, it was actively investigating N4ughtySec's claims.
"At XDS, safeguarding our data is of the utmost importance," a spokesperson said.
"We have not identified any security breach in our systems, nor have we detected any suspicious activity as described in the claims," they said.
"While we are not aware of any such breach, please rest assured that we are actively investigating this matter and will continue to monitor our systems closely."
Experian did not respond by publication.
MyBroadband also contacted the banks N4ughtySec said it had breached via vulnerabilities in the credit bureaus' systems.
They have all responded to say they are investigating the claims.
Source - mybroadband