Hackers breaking into credit bureau TransUnion claim they have personal information about the president.
ITWeb interviewed the hacker group N4ughtysecTU. N4ughtysecTU demanded a hefty ransom of 15 million dollars (223 million Rs) for 4 TB of compromised data hacked by credit bureaus.
This is because the Information Regulator has directed TransUnion to report the breach in more detail.
IT web It broke news that a hacker group called N4ughtysecTU, claiming to be from Brazil, allegedly violated TransUnion and gained access to South Africa’s 54 million personal records.
In an interview, the hackers threatened to use the stolen data from TransUnion for espionage and social engineering.
In the context of information security, social engineering is the psychological manipulation of people to perform actions or divulge confidential information.
Hackers say they will leak data if the ransom is not paid. If you don’t pay, you will be credited.
“TransUnion thinks they are clever. We’ve been in their system since 2012. We have data from your president, all ministers, judges, and all prosecutors. We have all the information in their system. Everyone”.
They say what TransUnion did with the word “password” as its password was “unforgivable.”
When asked if TransUnion would not pay the ransom, N4ughtysecTU said: All data will be made public. Unfortunately, only TransUnion can save the situation. TransUnion is responsible for this and keeps the system open.”
The Information Regulator is empowered to monitor and enforce, among other things, public and private organizations that comply with the provisions of POPIA, South Africa’s data privacy law.
Organizations that do not meet the conditions stipulated by law are liable. Previously, the Information Regulator had no teeth to deal with violators of the Data Privacy Act passed in July 2020.
The law establishes a firm framework that businesses must follow to avoid fines, criminal persecution and potential reputational damage.
Violation of the rules and regulations set forth in this law can have serious business consequences, which can cost more than money and have long-term consequences.
The law stipulates a fine of up to 10 million rupees and imprisonment of up to 10 years, depending on the seriousness of the offense.
The Information Regulator met with representatives of the TransUnion Credit Bureau on Saturday, March 19, 2022 to discuss recent reports of hacking into TransUnion’s IT systems.
The regulator said in a statement: , the regulator says in a statement.
Regulators are regulated by the Privacy Act No. 2013 of 2013, where the regulatory body is the regulatory body. 4 (POPIA), any private or public entity experiencing a security breach (referred to as the “responsible party”) will notify the regulatory body and the affected party after such incident.
At a meeting between TransUnion South Africa’s CEO and regulators, regulators outlined their expectations for notification to affected data subjects.
At the meeting, it added that regulators emphasized the need for early notification of security breaches in personal data so that affected data subjects can take the necessary precautions against the misuse of their personal data.
The regulatory body considers the impact on many data subjects that may arise as a result of this event. Notifications to data subjects should not be treated as urgent. To this extent, TransUnion has agreed to submit to the regulatory body specific details about the number of affected parties and plans to notify data subjects in accordance with Section 22 of the POPIA by Tuesday, March 22, 2022.
In addition, regulators have instructed TransUnion to report the date the breach occurred, the cause of the breach, the details of the investigation into the breach, the extent and significance of the breach, and the interim actions taken for the breach. This is a security measure put in place by the TransUnion Credit Bureau to help prevent a recurrence of a security breach.
The information regulatory agencies seek from TransUnion is intended to enable them to evaluate and conduct further investigations.
Video: TransUnion Hacker Claims to Have President’s Details
Source link Video: TransUnion Hacker Claims to Have President’s Details