Info Regulator slaps TransUnion with enforcement notice

Published: 2024-03-26 08:45 +02:00 by Nkosinathi Ndlovu tag: Information security

The Information Regulator has issued TransUnion with an enforcement notice following a massive 2022 data breach.

The Information Regulator has issued credit bureau TransUnion with an enforcement notice following a 2022 data breach that led to 4TB of data relating to the records of 54 million South Africans being compromised.

“TransUnion was one of the biggest breaches that we have dealt with in terms of the number of subjects that were compromised,” Information Regulator chair Pansy Tlakula said at a media briefing in Johannesburg on Tuesday. “The regulator conducted an assessment which has found, among other things, that TransUnion breached the conditions for the lawful processing of personal information.”

The enforcement notice was served under the Protection of Personal Information Act (Popia). According to the regulator, TransUnion failed to:

Secure the confidentiality of the personal information in its possession or under its control; Take appropriate technical and organisational measures to ensure access control is implemented as directed by their own policy and did not have controls to detect this failure; Prevent unlawful access to or processing of personal information that enabled unauthorised actors to gain unlawful access through the use of compromised credentials and use of a weak password; Implement the safeguards that had been put in place in the form of access management and user creation policies; and Implement the provisions of its own security policies.

The enforcement notice stipulates remedial measures that the credit bureau has 60 days to implement and send proof of doing so to the regulator to avoid an infringement notice. As part of the remedial process, TransUnion will have to “obtain the services of a qualified auditor/audit firm” that will audit all user accounts to determine if they fall within a predetermined policy framework.

Should TransUnion not respond to the enforcement notice or fail to address the issues raised by the Information Regulator adequately, then the company could face a fine of up to R5-million for non-compliance, similar to the one imposed on the department of justice & constitutional development in June 2023.

The enforcement notice stipulates remedial measures that the credit bureau has 60 days to implement

That fine, which was the first of its kind in South Africa, is being challenged in court by the justice department, which claims that the regulator misapplied Popia in administering the penalty.

“TransUnion has until 26 May to submit to the regulator that all the remedial measures in the enforcement have been implemented,” said Tlakula.

In a statement on Tuesday, TransUnion stated that immediately after the 2022 incident, it “implemented a number of improvements” following a review by an independent forensics and security firm.

Read: Political parties in South Africa fail information access test

“We are now implementing the regulator’s additional recommendations and welcome the conclusion of the matter.” – © 2024 NewsCentral Media

Get breaking news alerts from TechCentral on WhatsApp

Enhanced Investments, Inc.
329 South Oyster Bay Road #2085
Plainview, NY 11803
team@eninvs.com

Important disclosures

Performance results were prepared by Enhanced Investments, and have not been compiled, reviewed or audited by an independent accountant. Performance estimates are subject to future adjustment and revision. Investors should be aware that a loss of investment is possible. Account holdings are for illustrative purposes only and are not investment recommendations. Additional information, including (i) the calculation methodology; and (ii) a list showing the contribution of each holding to the portfolio’s performance during the time period will be provided upon request.
All statements made via social media sites sponsored or maintained by Enhanced Investments and its affiliates are for informational purposes only and do not constitute a comprehensive description of Enhanced Investments' investment advisory services.
Certain investments are not suitable for all investors. Before investing, consider your investment objectives and applicable fees. The rate of return on investments can vary widely over time, especially for long term investments. Investment losses are possible, including the potential loss of all amounts invested. Information provided by Enhanced Investments is for informational and general educational purposes only and is not investment or financial advice.

Nothing on this website should be considered an offer, solicitation of an offer, or advice to buy or sell securities.
Past performance is no guarantee of future results. Any historical returns, expected returns [or probability projections] are hypothetical in nature and may not reflect actual future performance.
All the strategies assume investments in equity invstrumenta only and are more relevant for "agressive investment profile". Eastern European flagship strategy assumes using up to 20% leverage of total portfolio. GlobalCommodities and US Growth strategy currently assume no leverage.
Results for the Enhanced Investments strategies as compared to the performance of Illustrative Benchmarks is for informational purposes only. Our investment program does not mirror that of the Illustrative Benchmarks and the volatility may be materially different from the volatility of Illustrative Benchmarks. Reference or comparison to an Illustrative Benchmark does not imply that strategies of Enhanced Investments will be constructed in the same way as the Illustrative Benchmark or achieve returns, volatility, or other results similar to those of the Illustrative Benchmark. The S&P 500 is an unmanaged market capitalization-weighted index of 500 common stocks chosen for market size, liquidity, and industry group representation to represent U.S. equity performance.
Performance results were prepared by Enhanced Investments, and have not been compiled, reviewed or audited by an independent accountant. Performance estimates are subject to future adjustment and revision. Investors should be aware that a loss of investment is possible. Account holdings are for illustrative purposes only and are not investment recommendations. Additional information, including (i) the calculation methodology; and (ii) a list showing the contribution of each holding to the portfolio’s performance during the time period will be provided upon request.
All statements made via social media sites sponsored or maintained by Enhanced Investments and its affiliates are for informational purposes only and do not constitute a comprehensive description of Enhanced Investments' investment advisory services.
Certain investments are not suitable for all investors. Before investing, consider your investment objectives and applicable fees. The rate of return on investments can vary widely over time, especially for long term investments. Investment losses are possible, including the potential loss of all amounts invested. Information provided by Enhanced Investments is for informational and general educational purposes only and is not investment or financial advice.