Major South African Financial Systems Breach and Grant Fraud Scheme
Learn More
A cybersecurity incident has been reported involving multiple South African financial institutions and credit bureaus.
A threat actor, identifying themselves as N4aughtySecGroup, claims to have orchestrated a sophisticated breach affecting TransUnion, Experian, and XDS credit bureaus, leading to extensive fraud involving social relief grants and bank account creation.
The attackers claim to have fraudulently opened over 100,000 bank accounts, accumulated approximately 175 million Rand through fraudulent activities and targeted Social Relief of Distress (SRD) grants through TymeBank's payment system.
The exact types of compromised data have not been fully disclosed by the involved institutions, but given the nature of the fraud (grant registration and bank account opening), it likely includes:
- Personal identification information
- Banking details
- Grant application data
The exact number of affected individuals beyond the claimed 100,000 fraudulent accounts has not been disclosed. The total financial impact is estimated at R175 million according to the threat actors' claims.
To substantiate their claims, N4aughtySecGroup released screenshots of payment confirmations showing transfers between TymeBank accounts and an Investec account, text files containing lists of allegedly compromised TymeBank accounts and data demonstrating access to credit bureau information
Chief Technology Officer Bruce Paveley of TymeBank confirmed the review and freezing of suspected fraudulent account, but denied any direct system breach. TymeBank states that the compromised data was likely obtained from a third party and that the affected accounts were low-value with limited functionality.
Investec declined to comment on specific transaction evidence citing client confidentiality.
TransUnion, Experian, and XDS have denied any security breaches. Other referenced banks like FNB and Nedbank maintain their systems remain secure.
