As the aftermath of the TransUnion hack continues, Cell C has engaged forensic law firm ENSafrica to conduct an urgent investigation into the data breach suffered by the credit bureau.
Cell C chief legal officer Zahir Williams says the probe will establish whether the TransUnion hack may have compromised the personal information of Cell C customers.
This follows ITWeb breaking the news last week that a hacker group, N4ughtysecTU, which claims to hail from Brazil, breached TransUnion and accessed 54 million personal records of South Africans.
TransUnion SA confirmed N4ughtysecTU obtained data belonging to the bureau through the misuse of an authorised client’s credentials.
The bureau collects and aggregates information on millions of individual consumers, and many companies in SA use TransUnion's credit report monitoring service to get frequent access to customer credit history.
It has since been reported that the hackers posted a Cell C customer database as part of a series of leaks to prove their claims.
Williams tells ITWeb: “What we know so far is that TransUnion has been the target of a criminal cyber attack involving a criminal third-party who gained unlawful access to a TransUnion server.
“It is not yet conclusively known which fields of information have been affected but it is possible some customer contact information, including telephone numbers, e-mail addresses, ID numbers and physical addresses, may have been exposed.
“As our investigation progresses, we will be able to definitively determine whether any Cell C customer information was meaningfully affected, and if needs be, take appropriate action, including contacting and assisting affected customers.
“In the meantime, we are assured by TransUnion that this was an isolated incident, and that swift action was taken in accordance with best practice cyber security protocols to mitigate risk to customers.”
According to Williams: “The privacy of Cell C customer information is paramount, and we assure our customers that we continue to prioritise the protection of personal information entrusted to us.
“In the event that a Cell C customer suspects that his or her identity has been compromised, Cell C urges its customers to apply for protective registration through the South African Fraud Prevention Services at www.safps.org.za or 011 867 2234.”
The TransUnion data breach has reverberated through many sectors of the economy that use its services.
This week, the South African Banking Risk Information Centre started co-ordinating with the banking sector to ensure South Africans’ personal information is not abused by the hackers.
The Southern African Fraud Prevention Service followed, saying consumers desperately need an extra layer of identity protection against cyber criminals.
The Information Regulator demanded a report on the hack from TransUnion, which was provided. However, the regulator today took a swipe at the response by the company, saying: “The report neither provides detail on how the credit bureau will mitigate the subsequent risks nor information on how the credit bureau will remedy this crisis.”
Share