In a startling cyber-security incident that has put South African citizens' financial information at risk, a hacker group known as N4aughtySecGroup has publicized its illegal activities, showcasing security vulnerabilities within the nation's financial and social security systems. Claiming to have fraudulently collected Social Relief of Distress (SRD) grants and accessed sensitive data through breaches at credit bureaus, the group released further evidence substantiating their infiltration after initial denials from affected institutions.
The gravity of these events was first revealed last week when N4aughtySecGroup admitted to having compromised several credit bureaus, including TransUnion, Experian, and XDS. Using the acquired data, the hackers claimed to have registered thousands of R370 monthly SRD grants with the South African Social Security Agency (Sassa), amounting to approximately R175 million ($10 million). Following widespread skepticism from the allegedly breached bureaus and statements from banks, N4aughtySecGroup has published additional data as proof.
Screenshots of payment confirmations featuring fund transfers between TymeBank accounts and an Investec account, along with several text files containing account details used for grant collection, were among the released evidence. TymeBank reviewed the shared data and stressed that its systems were uncompromised, suggesting that the data might have been acquired from external parties its customers interacted with. Despite the reassurance on bank security, TymeBank acknowledged encountering accounts flagged as suspicious.
TymeBank declined to elaborate on whether the accounts received illicit grant payments or whether Sassa funds were directly stolen, citing its adherence to procedure in enabling Sassa-authorized payments. Certain accounts identified by N4aughtySecGroup, however, have had their funds frozen as a precautionary measure pending ongoing investigations.
Investec, whose name surfaced via the proof of payment screenshots, opted not to comment on individual client accounts, while asserting its commitment to monitoring and reporting client activities per regulatory obligations.
This unsettling revelation comes weeks after two Stellenbosch University students unveiled extensive fraud within Sassa's systems. Joel Cedras and Veer Gosai discovered glaring vulnerabilities after falling victim to fraudulent grant registrations. Their analysis revealed that Sassa's API allowed uncapped data queries, leading to unauthorized access to a startling number of SRD applications, an alarmingly high rate compared to official youth unemployment statistics.
Brenton van Vrede, head of Sassa grant admission, confirmed the breach and identified non-compliance issues with the Financial Intelligence Centre Act (Fica) among three South African banks that facilitated illicit account openings.
N4aughtySecGroup, having demanded significant ransoms from TransUnion and Experian in the past, took an unexpected turn, now demanding apologies from the compromised institutions. Their actions seem driven by a mission to expose the hidden vulnerabilities and demand accountability, threatening to escalate their disruptive activities unless their conditions are met.
The latest events, characterized by a distinct absence of any ransom demands, highlight a group determined to provoke recognition of security lapses in South Africa's data management frameworks. To amplify the seriousness of their claims, the group provided evidence linking a journalist's personal information directly to their exposed banking data.
In a worrying development, TransUnion, Experian, and XDS have reported no recent breach, casting an aura of uncertainty on the extent of the damage and the efficacy of South Africa's data protection measures.