In a bold and alarming development, the cyber extortion gang N4ughtySec—infamous for a 2022 attack on TransUnion—has claimed to have infiltrated the systems of most major South African banks. This alleged breach reportedly stems from vulnerabilities within South Africa’s main credit bureaus: TransUnion, Experian, and XDS. According to a N4ughtySec spokesperson, compromised data from these credit agencies has been weaponized in targeted attacks on South African government entities and prominent financial institutions. N4ughtySec states that these actions are part of their ongoing campaign, escalating their threats against organizations they claim left security warnings unaddressed.
The Spark
Back in 2022, N4ughtySec initially made headlines when they demanded a ransom of $15 million (R224 million at the time) in cryptocurrency from TransUnion, threatening to release stolen data if the demand was not met. Following guidance from government officials and cybersecurity experts, TransUnion declined to pay, explaining that giving in to ransom demands would encourage further criminal activity. The decision not to pay led N4ughtySec to leak the stolen data and go silent—until recently, when they reappeared under the name N4ughtySecGroup with new demands and claims of ongoing access to South African financial data.
The Fire
In this recent wave of claims, N4ughtySec asserts that their access to South African banks remains undiminished, facilitated by vulnerabilities found within the credit bureaus’ systems. Unlike previous demands, the group is now asking not for money but for public acknowledgment of security weaknesses by the institutions they’ve breached. According to a spokesperson, they will continue their actions until the targeted organizations apologize and publicly recognize the vulnerabilities that enabled these breaches. The group has stated that they have achieved extensive access affecting government departments and financial organizations alike.
To support their claims, N4ughtySec provided MyBroadband with detailed personal and financial information on two of its journalists. The group demonstrated its access by retrieving sensitive financial data, including recent loan balances, credit card details, and home addresses, without prior assistance from the journalists themselves. The level of detail was impressive, including recently updated information such as one journalist’s vehicle insurance policy, which had changed only months ago. These findings suggest that N4ughtySec holds access to a vast amount of recent and relevant data, verifying their continued presence within these compromised systems.
In response, TransUnion has reiterated its commitment to data security and confirmed that it found no evidence of recent unauthorized access. XDS echoed these assurances, though it is actively investigating N4ughtySec’s claims. Both TransUnion and XDS maintain that protecting customer data is a top priority, with XDS confirming that no suspicious activity had been detected in its systems so far. However, Experian, another bureau allegedly targeted, has not yet issued a statement on the matter.
In Response
Amid these claims, major South African banks are conducting thorough reviews to validate any potential breaches via vulnerabilities in credit bureau systems. While investigations are ongoing, this development underscores the significant risks that data breaches pose to both financial institutions and government bodies. The situation raises critical concerns about the safeguarding of sensitive credit data and the potential repercussions on institutions responsible for protecting public and private information alike.
This ongoing case between N4ughtySec and South African institutions highlights the importance of cybersecurity vigilance and the potential impact of such breaches on a national scale. As banks and bureaus continue their investigations, it serves as a reminder of the need for robust data protection policies and responsive security measures. For consumers, understanding the vulnerabilities within organizations that hold personal financial data is crucial as the landscape of cyber threats continues to evolve.
