A sophisticated hacker group, termed N4aughtySecGroup, has purportedly breached several credit bureaus, obtaining sensitive data from prominent South African banks like Absa and Standard Bank. This breach has reportedly facilitated the fraudulent registration and collection of Social Relief of Distress (SRD) grants, estimated to be worth millions. In a startling twist, the group is not seeking a ransom but is demanding apologies from the compromised institutions for their lax security.
Earlier this month, N4aughtySecGroup made headlines by contacting media outlets, claiming to have exploited weaknesses in the security systems of various credit bureaus and, by extension, attacking governmental and local entities. They allege that their actions have directly led to the fraudulent collection of approximately R175 million from the South African Social Security Agency (Sassa) through deceitfully registered SRD grants.
In support of their claims, N4aughtySecGroup provided the media with sensitive financial details about two journalists, including specific personal information that could only have come from a breach. Moreover, after credit bureaus and the implicated banks initially denied these breaches, the group released additional data to corroborate their assertions. This included recent files with personal information of millions of customers from Absa and Standard Bank, dating back to 2023 for the latter.
Responding to the breach, Absa and Standard Bank have conducted internal reviews. Absa acknowledged regular encounters with mule accounts but found no conclusive evidence of a recent breach directly linked to the fraudulent activities described. Standard Bank declined to comment on the illegally obtained data, reiterating their commitment to client confidentiality.
Despite robust denials from other banks such as TymeBank and Investec concerning direct compromises, the ramifications of the breach are evident. TymeBank’s Chief Technology Officer pointed out that the data provided by the attackers seemed to originate from third parties that their customers might have interacted with, emphasizing the data’s age and the accounts’ limited functionality.
The hacking revelations have shone a light on broader systemic issues within South Africa’s financial and security infrastructure. Notably, the breaches exploited significant vulnerabilities in the RICA (Regulation of Interception of Communications and Provision of Communication-Related Information Act) and FICA (Financial Intelligence Centre Act) standards—meant to safeguard against fraud and other financial crimes. These revelations were indirectly confirmed by a recent investigation conducted by Stellenbosch University students, which highlighted substantial fraud and security shortcomings within Sassa’s systems.
As the story unfolds, industry leaders and regulatory bodies may need to reevaluate and reinforce their cybersecurity protocols to prevent such extensive breaches in the future, ensuring the integrity of South Africa’s financial systems and the safety of its citizens’ personal and financial data.