TranUnion hack not a surprise: Expert

TransUnion is yet to give an update on the status of its data breach after it was hacked on Friday last week.  The company’s server was hacked giving the criminals third-party access to their data.

The credit bureau said it is working with law enforcement agencies and forensic experts and has suspended compromised client access.

TransUnion says the incident affected an isolated server holding limited data from consumers and businesses.

The company is yet to confirm if the hackers have had access to credit records of more than 54 million consumers and 200 corporations.

According to the 17th edition of the Global Risk Report released this year, Cyber security failures and digital inequality were amongst the biggest risk issues that worsened since the start of COVID-19.

The report showed Cybersecurity threats grew in 2020 and ransomware attacks increased by 358 percent and 435 last year.

Masana group IT manager Themba Ngubane says the latest hack on TransUnion is not a surprise.

Ngubane says, “Any organisation of interest will definitely be susceptible to any attacks by these hackers but this is something that is happening all over the world and we are expecting it to grow in leaps and bounds for as long as there are people and organisations of interest. In this case, because this is an organisation that is hosting personal data of multiple clients across South Africa it is understandable it became a target.”

Discussion on the hacking of TransUnion:

The attackers are asking for a ransom of R223 million from TransUnion.

Ngubane says, “They can either sell it, or they can either use it to intimidate or try to get some kind of money from these people that they have access to information. So at the end of the day, this is easy cash for them but it is also a way of having control. They will go after any organisation or person. They feel if we access them or attack them there is something in it for us.”

Consumers should be worried about increases in cyber attacks because it exposes their personal information, says Ngubane.

“One of the concerning things that is happening right now about this TransUnion story is the fact that even TransUnion does not even know to what extent is the data that the hackers have access to because we are waiting to see how these hackers are planning to use this information. Which makes sense because these hackers could be bluffing, or these hackers could just be building their case so that by the time they attack they can attack significantly in a way that it wasn’t a bluff,” Ngubane says.

Industry experts say consumers who use the internet regularly should change their passwords frequently, and avoid opening suspect emails and websites.

They also advise small and big enterprises to invest in data breach apps and seek advice from IT experts.

Consumers urged to protect their personal information:
TransUnion could face a fine

The Information Regulator of South Africa (IRSA) warned that TransUnion could face a fine of up to R10 million over a data breach.

IRSA Advocate Collen Weapond says, “It was quite shocking when the regulator learned about the security compromise. One of the actions that the regulator can take after it has considered the report is to institute an investigation or an assessment to determine if the security safeguards of TransUnion were inadequate. The regulator can move to the next step to determine the appropriate action. It can be a fine of up to R10 million or there can be criminal action instituted.”