Brazil-based ransomware group N4ughtySecTU has threatened to leak the data of South African consumer credit reporting agencies, TransUnion and Experian within 72 hours unless its demand for a $60 million ransom is met.
N4ughtySecTU says it gained access to data from the aforementioned agencies after an initial attack in March 2022, claiming to have extracted 28 million credit records and 54 million identity numbers from TransUnion’s files.
TransUnion, refused a $15 million ransom at the time, and faced the threat of having at least 3 million South African customers’ details being released. However, TransUnion denied the breach, attributing it to a prior breach of a South African government website in 2017.
Experian, another credit bureau, breach involved the exposure of information for 24 million South Africans. The group claims to have maintained persistent access since the initial attacks, a move that has given it enough information to demand $60 million ransom this time.
Response from the Targeted Credit Agencies
Both TransUnion and Experian have acknowledged N4ughtySecTU’s demand but dispute the claims. The credit agencies state that thorough investigations have found no evidence of inappropriate data access or exfiltration. Additionally, they highlighted a peculiar detail in the email used by N4ughtySecTU to contact media and executives, saying the group misspelled its own name.
While both credit agencies are not strangers to data breaches, there is currently no confirmation of N4ughtySecTU’s access to the companies. The situation shows the complex challenges in verifying and responding to cyber threats, where claims and counterclaims require thorough investigation to determine the true extent of a potential breach.