The N4ughtysecTU data leak – TransUnion, Experian & DOHA (Deeds-breach) – What do you do if your data is leaked

By Professor Danny Myburgh, Managing Director at Cyanre, The Digital Forensic Lab

On Friday night 25 March 2022 the hacking group known as N4ughtysecTU, re-released massive quantities of previously leaked private information of South Africans. Between all the data breaches that have taken place in South Africa over the past two to three years we have to acknowledge the fact that all our data is out there – where criminals use and abuse our data.

As citizens, the three major questions we should answer are:

  • Why is our Data so valuable
  • What will criminals do with it and
  • What should I do?

The first two questions are relatively simple to answer. Criminals and organisations “dealing in data” will perform data enrichment with the data. During this process they will take different sets of leaked data and will combine it. Say for example that in one data leak your ID number, email address and telephone number were leaked and in another your ID number, bank account number and a password. By combining these two sets, they now have a record that contains your ID number, bank account number, your email address, your password and your telephone number.

With this information criminals can perform a number of actions. They could:

The second aspect to consider, now that your data has been leaked is – what can you do about it or how do we learn to live with it?

Here are some stapes you can take, and should be taking regularly as a matter of principle going forward:

  • Find out what was compromised by contacting the company that was breached.
  • Check for updates from the company which was breached.
  • Find out what support the Responsible party (the hacked organisation) will provide.
  • Do not use the information that may have been compromised to confirm your identity in future. Rather use other personal information that you have not used previously.
  • Change your password for the compromised site and regularly change all your passwords and don’t share it with anybody.
  • Change your security questions.
  • Don’t use the same password everywhere.
  • Consider your rights and legal recourse.
  • Watch your bank accounts and, check your credit reports.
  • Freeze your credit if you suspect that it has been breached.
  • Consider identity theft protection services.
  • Verify all requests for personal information and only provide it when there is a legitimate reason to do so.
  • Do not disclose personal information such as passwords and PINs when asked to do so by anyone.
  • Activate two-factor authentication on all your accounts where possible.

There are many role players and different levels of responsibility when we consider the safety of our personal data. Ensure you know what your responsibility is and how to take relevant steps to protect your own data and keep it as secure as possible.