TransUnion South Africa servers were attacked by N4ughtysecTU hacker group by using an authorised client’s credentials
The attackers stole about 4TB of the personal data of 54 million customers of the company and threaten to release the data if ransom not paid.
Source: https://securityaffairs.co/wordpress/129224/data-breach/transunion-south-africa-data-breach.html
TPRM report: https://scoringcyber.rankiteo.com/company/transunion
"id": "tra02321322",
"linkid": "transunion",
"type": "Breach",
"date": "03/2022",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': '54 million',
'industry': 'Credit Reporting',
'location': 'South Africa',
'name': 'TransUnion South Africa',
'type': 'Company'}],
'attack_vector': "Unauthorized access using authorized client's credentials",
'data_breach': {'data_exfiltration': 'Yes',
'number_of_records_exposed': '54 million',
'type_of_data_compromised': 'Personal data'},
'description': 'TransUnion South Africa servers were attacked by N4ughtysecTU '
'hacker group by using an authorized client’s credentials. The '
'attackers stole about 4TB of the personal data of 54 million '
'customers of the company and threatened to release the data '
'if a ransom was not paid.',
'impact': {'data_compromised': '4TB of personal data'},
'initial_access_broker': {'entry_point': 'Authorized client’s credentials'},
'motivation': 'Financial gain (ransom)',
'ransomware': {'data_exfiltration': 'Yes', 'ransom_demanded': 'Yes'},
'threat_actor': 'N4ughtysecTU',
'title': 'TransUnion South Africa Data Breach',
'type': 'Data Breach',
'vulnerability_exploited': 'Compromised credentials'}