MyBroadband follows up on a story initially broken by ITWeb yesterday. They now report:

The South African division of US-based consumer credit bureau TransUnion has suffered a ransomware attack.

In a statement on Thursday, the company acknowledged that a third party had gained access to one of its servers through misuse of an authorised client’s credentials.

“We have received an extortion demand, and it will not be paid,” TransUnion South Africa stated.

The threat actors responsible identified themselves as Brazilians calling themselves N4ughtysecTU. They reportedly told MyBroadband that they had gained access to the personal records of 54 million South African customers totalling more than 4TB of data. MyBroadband contains a list of TransUnion-SA customers whose data was supposedly exfiltrated.

Read more at MyBroadband. It’s not clear if this group has any connection to another Brazilian group, LAPSUS$, which has struck some major companies recently. There is a Telegram account by that name, but no pinned messages or any other content as yet.