A hacking group claims to have exploited vulnerabilities in South Africa’s credit bureaus to infiltrate the financial system and fraudulently collect Social Relief of Distress (SRD) grants. The group has now released additional information as evidence to support its claims.
Last week, the group calling itself N4aughtySecGroup alerted the media, claiming to have breached multiple credit bureaus, including TransUnion, Experian, and XDS.
It said it used this access to fraudulently register grants and open over 100,000 bank accounts in individuals’ names, collecting a total of R175m.
In response to credit bureaus denying any breach and banks asserting that no leaked data originated from their systems, N4aughtySecGroup released additional data to substantiate its claims. This included screenshots of payment confirmations displaying funds transferred between TymeBank accounts and an Investec account.
The N4aughtySecGroup also released several text files listing dozens of TymeBank accounts it claimed were used to collect the fraudulent SRD grants.
Tymebank enables payments requested by Sassa.
“The bank cannot comment on whether funds have been stolen from Sassa,” TymeBank chief technology officer Bruce Paveley said. He added that TymeBank had reviewed the data and had frozen some accounts listed by the hackers.
He said he was confident that the TymeBank systems had not been breached. He added that the data, dated a few months old, was obtained from another party that customers may have interacted with separately.
“Our investigation indicates the accounts in question are low transaction value accounts with very limited functionality and transaction limits.”
Investec declined to comment on the proof of payment screenshots shared by the N4aughtySecGroup.
“Owing to the confidentially pertaining to client accounts, we are unfortunately unable to share any more detail in this regard,” Investec stated.
Meanwhile, other financial institutions, including FNB and Nedbank, have maintained that their systems remain secure, emphasising their continuous monitoring and fraud-prevention measures.