Many were left astounded on Friday morning, 18 March 2022, when the news of TransUnion being hacked broke out. It was reported that nearly 54 million South Africans data would be exposed, with a ransom demand of over R220m to TransUnion. The unsettling realization hit that most of us could be exposed at any moment.
TransUnion have subsequently confirmed that a breach occurred and investigations are underway, but the extent of the data breach is nowhere near what has been publicized. TransUnion also confirmed that they will not succumb to the conditions of the ransom. News then soon broke that the hackers, N4aughtysecTU, will be demanding ransoms from over 200 corporations, whose data can be identified from the stolen data.
The true extent of the data breach will no doubt become known over the next coming days, but either way, the cyber risk landscape is far from benign. There will be a number of attacks trying to leverage the TransUnion compromise, and please let’s not forget about the war in Ukraine.
As is always the case, it’s important to remain vigilant. It’s a good time to:
- Be cautious when sharing any credentials online, be they usernames, passwords, pin number, or any personal information; not just on emails but on phone calls and text messages. Make sure that your bank or other financial institution messages are not going to your email, phone or messages. Be weary of any unsolicited messages.
- Now is not a bad time to change passwords across the platforms you use, from mail to social media and maybe work accounts for good measure. Please ensure you use more complex passwords of passphrases. If you can, enable multi factor authentication.
- Apply security updates to Windows, your internet browser, anti-virus etc. as soon as you can.
The cyber risk landscape is complex but a healthy dose of vigilance and skepticism can go a long way in protecting you and your employer.
Author: Ryan van de Coolwijk.
Product Head: Cyber