The Africa-wide subsidiary of TransUnion, an American consumer credit reporting agency, has confirmed that it was hacked by self-named ransomware gang N4aughtyTU and was a victim of a data breach. The hacker group is demanding a ransom of $15 million in order to recover 4TB of personally identifiable data.

“A criminal third party obtained access to a TransUnion South Africa server through misuse of an authorised client’s credentials. Immediately upon discovery of the incident, TransUnion South Africa suspended the client’s access, engaged cybersecurity and forensic experts, and launched an investigation,” reads a statement by TransUnion.

In an interview by with the spokesperson of the South African Information Regulator it was told that the Regulator has received a notification from TransUnion in terms of section 22(1)(a) of the Protection of Personal Information Act, 4 of 2013 (POPIA).