TransUnion's explanation of hacking 'inadequate, unsatisfactory' - Information Regulator
Inadequate, unsatisfactory and in violation of the Protection of Personal Information Act.
That's the harsh and blunt criticism by the country's Information Regulator of TransUnion's explanation following a recent hacking incident.
It exposed 54 million records of South Africans, including personal, credit and banking information.
The hackers are threatening to release the information if they're not given R225 million.
The regulator had written to the credit bureau following the security breach.
READ: Information regulator gives Transunion deadline to notify clients following cyberattack
The body's Nomzamo Zondi says they have given TransUnion until next Friday to provide another detailed response.
"The regulator will conduct an assessment on its own initiative into the appropriateness of TransUnion's security measures on integrity and confidentiality of personal information.
"The regulator has asked TransUnion to provide it with confirmation that a criminal case has been opened with the SAPS, in terms of the Cybercrimes Act. If no criminal case has been opened, the regulator has requested reasons for the delay in doing so."
MORE FROM ECR
