Consumer & Business Website Notification

 

What Happened

TransUnion South Africa was targeted in a cyber-attack where a criminal third party, calling themselves N4ughtySec, obtained limited access to a TransUnion South Africa server through misuse of an authorised client’s credentials.

The criminal third party aggregated and released samples of data allegedly obtained from TransUnion South Africa with other sources of data, including at least 54 million records unrelated to TransUnion from data breaches dating back to 2017. With the help of outside experts, we reviewed this data as quickly as we were able to safely access it.

Immediately upon discovery of the incident, TransUnion South Africa suspended the client’s access and appointed a world-leading forensic firm to lead our investigation. We continue to work closely with South African regulators and law enforcement agencies in South Africa and the US.

Potential Impact

The TransUnion South Africa team has worked closely with external experts to understand what data was affected. Our understanding is that data relating to up to 5 million consumers was potentially affected by the incident with a further 5.2 million consumers having had only ID numbers affected, but with no personal information linked to the ID number. For businesses, a total of 600,000 organisations were potentially affected by the incident.

Fields of information that may have been affected include:

  • For consumers: Name, ID number, date of birth, gender, telephone number, email address, address, marital status and information, identity of employer and duration of employment, vehicle finance contract number, and VIN (Vehicle Identification Numbers) numbers. In isolated circumstances, spouse information, passport numbers, credit or insurance scores may be impacted. Each consumer may have had a combination of different fields affected, depending on what data was available. For the remaining 5.2 million consumers who had only ID numbers affected, we identified contact details for the majority of these consumers in order to notify them.
  • For businesses: Company registration number, TransUnion business reference number, business name, business type (public, sole proprietor, etc.), business address, business contact number, email address, business credit scores, industry sector classification code and description, principal ID number, principal name and surname, and principal position (director, trustee, representative, member, etc.). Each business may have a combination of different fields impacted, depending on what data was available.

Access to personal or business information can create opportunities for criminals to impersonate you or your business but does not guarantee access to your / your business’s banking profile or accounts. However, criminals can use this information to trick you or your employees into disclosing your confidential banking details. This could potentially be used by third parties in various ways to commit fraudulent scams, such as application fraud or the changing of banking details via an email compromise.

How to Protect Yourself / Your Business

We appreciate that situations like this can create uncertainty and we want to support you or your business through any concerns you may have. Where contact information was available, we directly contacted (by email or text) the individuals and businesses who were known to be potentially impacted.

We have made identity protection products available to individuals and businesses whose information was illegally accessed from TransUnion South Africa.

  • For consumers: TransUnion is offering an annual subscription of TrueIdentity free of charge. TrueIdentity gives people the information and tools to detect identity-related threats and if need be, a way to get help to recover from them. When the free one-year subscription to TrueIdentity lapses, we will provide affected individuals with a free ongoing TrueCredit subscription until 31 December 2023. TrueCredit provides credit monitoring and credit alerts as well as monthly credit reports.
  • For businesses: TransUnion is offering a subscription to Business Credit Reports every 2 weeks free of charge until 31 December 2023. These tools will provide awareness of changes to the credit profile of your business and allow you to mitigate against unsolicited business engagements using your company details.

Over and above the direct notifications, we published notifications of the security compromise to impacted consumers and businesses on radio stations, newspapers and via social media channels broadcasting in each official language and covering all nine provinces in South Africa. If anyone is uncertain of a communication that appeared to come from TransUnion, we recommend visiting our website by typing in the following web address: www.transunion.co.za site.

If you receive a message that asks you to provide personal or business information directly to the sender, or that directs you to a website other than the www.transunion.co.za site, it may be a fraud attempt. Please be vigilant of phishing attacks and remember that a TransUnion representative will never ask for your or your business’s banking details, bank PIN or user login password.

We would encourage you or your business, as a precaution, to follow these security recommendations:

  • Do not disclose personal / business information such as passwords and PINs when asked to do so by anyone via phone, fax, text messages or even email.
  • Change your passwords regularly and never share these with anyone else.
  • Verify all requests for personal information and only provide it when there is a legitimate reason to do so.
  • Perform frequent anti-virus and malware scans on your personal / business computer(s) and mobile device(s), using software that is up to date.
  • Do not click on any suspicious links.

Regularly reviewing your credit report is a great way to check your credit data, and guard against identity theft and financial fraud.

Measures Taken by TransUnion

TransUnion believes responsible data stewardship is fundamental to our mission. We continuously look for ways to further strengthen our defences against unauthorised access of any kind to our systems or data. Our focus remains on ensuring we comply with the most current privacy regulations and that we are able to meet or exceed business’ and consumers’ evolving security and privacy expectations.

Alongside our investigation, we have reviewed and evaluated our systems and processes to ensure we have the highest standards of security in place across all of our operations. We continue to work closely with regulators and law enforcement bodies, and we are consulting key industry and trade associations in our continuous efforts to evolve our security posture and ensure high security and privacy standards. We have been proactive in reviewing and evaluating all of our systems, including a forced password reset to ensure clients comply with our password complexity policy.

Investigation Update

As our investigation continues, our teams have been working alongside multiple regulatory, law enforcement and industry bodies to ensure we maintain as full and comprehensive an understanding of the potential impact on all of our consumers, businesses and suppliers as possible.

We are working closely with South African regulators and law enforcement agencies in South Africa and the US. As is common with criminal attacks of this nature, it is not always possible to identify who is responsible for this malicious conduct. Alongside these agencies, our investigation is supported by our external industry security experts.

An investigation of this nature is likely to take several weeks and we will continue to share information with all law enforcement agencies to support their ongoing criminal investigation. Should we identify the suspect, we will work with law enforcement agencies and disclose the identity of the suspect only if law enforcement agencies think that it is appropriate.

The protection of the information we hold is a top priority for TransUnion, and we sincerely regret any inconvenience or concern this incident may have caused you or your business.

Top 6 FAQs

1. Update: South African Cyber Incident

  1. What type and volume of data was affected by this incident?

    • A criminal third party aggregated and released samples of data allegedly obtained from TransUnion South Africa with other sources of data, including at least 54 million records unrelated to TransUnion from data breaches dating back to 2017.
    • With the help of outside experts, we reviewed this data as quickly as we were able to safely access it.
    • Based on our investigation, we can confirm the incident impacted an isolated server holding limited data from our South African business.
    • The investigation has shown data relating to 5 million consumers was potentially affected by the incident and may have included the following fields of information: name, ID number, date of birth, gender, telephone number, email address, address, marital status and information, identity of employer and duration of employment, vehicle finance contract number, and VIN (Vehicle Identification Numbers) numbers. In isolated circumstances, spouse information, passport numbers, credit or insurance scores may have been affected. Each consumer may have had a different combination of fields affected, depending on what data was available.
    • For businesses, a total of 600,000 organisations were potentially affected by the incident. Fields of information that were potentially affected may have included company registration number, TransUnion business reference number, business name, business type (public, sole proprietor, etc.), business address, business contact number, email address, business credit scores, industry sector classification code and description, principal ID number, principal name and surname, and principal position (director, trustee, representative, member, etc.). Each business may have a combination of different fields impacted, depending on what data was available.
    • The investigation also indicated an additional 5.2 million consumers having had their ID numbers affected with no personal information linked to the ID number. We have notified the majority of these consumers where we were able to identify contact details.
  2. Was my or my business’s data affected?

    • Where contact information was available, TransUnion directly contacted by email or text the individuals and businesses who were known to be potentially impacted.
    • TransUnion South Africa has provided information on how affected individuals and businesses can protect themselves, including free subscriptions to TransUnion’s tools to detect identity-related and business-related threats, which includes free access to their personal or business credit reports up to 31 December 2023.
  3. What are you doing to notify and assist people and organisations whose data is affected?

    • Where contact information was available, TransUnion directly contacted by email or text the individuals and businesses who were known to be potentially impacted.
    • Over and above the direct notifications, we have published notifications of the security compromise on radio stations, newspapers and via social media channels broadcasting in each official language and covering all 9 provinces in South Africa. If anyone was uncertain of a communication that appeared to come from TransUnion, we recommended visiting our website by typing in the following web address: https://www.transunion.co.za/faq.
    • TransUnion South Africa has provided on how affected individuals and businesses can protect themselves, including free subscriptions to our identity protection products, which help detect identity-related and business-related threats. For consumers, this includes free access to their personal credit reports and alerts up to 31 December 2023, and for businesses, this includes free access to their business credit reports up to 31 December 2023.
      • For consumers: TransUnion is offering an annual subscription of TrueIdentity free of charge. TrueIdentity gives people the information and tools to detect identity-related threats and if need be, a way to get help to recover from them. When the free one-year subscription to TrueIdentity lapses, we will provide affected individuals with a free ongoing TrueCredit subscription until 31 December 2023. TrueCredit provides credit monitoring and credit alerts as well as monthly credit reports.
      • For businesses: TransUnion is offering a subscription of Business Credit Reports every 2 weeks free of charge until 31 December 2023. This tool will provide awareness of changes to the credit profile of your business and allow you to mitigate against unsolicited business engagements using your company details.
  4. What steps can I take to make sure I’m not (or my business is not) a victim of fraud?

    • Access to personal or business information can create opportunities for criminals to impersonate you or your business but does not guarantee access to your / your business’s banking profile or accounts.
    • We would encourage you or your business, as a precaution, to follow these security recommendations:

      • Do not disclose personal or business information such as passwords and PINs when asked to do so by anyone via phone, fax, text messages or even email.
      • Change your passwords regularly and never share these with anyone else.
      • Verify all requests for personal information and only provide it when there is a legitimate reason to do so.
      • Perform frequent anti-virus and malware scans on your personal / business computer(s) and mobile device(s), using software that is up to date.
      • Do not click on any suspicious links.
    • Regularly reviewing your credit report serves as a great way to check your credit data as reported to TransUnion, and guard against identity theft and financial fraud. Consumers can access their TransUnion credit report for free at https://www.transunion.co.za/product/annual-free-credit-report.
    • If you are notified (or suspect) that your personal information might be compromised, you have the option to register your details with the South African Fraud Prevention Services database. For more details visit www.safps.org.za.
    • If TransUnion offers you a free subscription to identity protection tools because your information was affected, sign up for this free service and pay close attention to the alerts, as they can help you quickly identify any unauthorised activity.
    • As always, please be vigilant of phishing attacks and remember that a TransUnion representative will never ask for your or your business’s banking details, bank PIN or user login password.
  5. If my TransUnion data was affected, how do I subscribe to the free one-year subscription to TrueIdentity?

    • To activate your free subscription to the TrueIdentity service, please visit https://www.transunion.co.za/product/trueidentity.
    • If you have registered with TransUnion before, you will be required to enter your username and password to access the TrueIdentity payment screen, where you will be prompted to enter your unique voucher code included in our message to you.
    • If you are a first-time user, you will need to register with TransUnion. As part of this process, you will be asked to:

      • Provide limited personal information
      • Verify your identity via knowledge-based authentication
      • Enter the unique voucher information included in our message to you on the payment page for the product.
    • The purpose of entering the limited personal information and completing the knowledge-based authentication is to verify your identity, in order to ensure we are only giving your credit information to you. You will not be asked to provide any information that we do not already store on your credit profile.
    • Click here to access a user guide to assist you through this process.
    • Upon completion of the registration process, you will have access to the following features:

      • ID Monitor
        • Dark web monitoring to provide monitoring of surface, social, deep and dark websites for potentially exposed personal, identity and financial information in order to help protect consumers against identity theft.
      • ID Restore
        • An extensive restitution service which will include the assignment of a forensic investigator and obtaining of resolution letters.
      • ID Recover
        • Theft coverage of up to R100K to protect against potential damages related to identity theft and fraud.
      • Credit Report PLUS Alerts and Score
        • Get unlimited access to your full credit report and score and receive credit alerts when critical changes such an enquiry or negative update occurs on your TransUnion credit report. Make use of our value-added tools such as Debt Analysis and Score Reasons to gain more insights into your credit status.
  6. If my business’s TransUnion data was affected, how do I subscribe to the free subscription to the Business Credit Alerts and Reports Service which has been offered until December 2023?

    • To activate your free subscription to the Reports service, please respond with the required verification documents on your business to [email protected] or alternatively proceed to contact us via 0861 482 482 where one of our reps will gladly assist you in registering for the service.
    • If this is your business’s first-time user experience, you will need to register your business with TransUnion. As part of this process, you will be asked to:

      1. Provide your CIPC registration Documents.
      2. Resolution of Directors to enroll for the service.
      3. Authenticate yourself as the applicant as a valid employee/representative of the business.
    • The purpose of entering the limited personal information and completing the knowledge-based authentication is to verify your identity, in order to ensure we are only giving your credit information to you. You will not be asked to provide any information that we do not already store on your business’s credit profile.
    • Upon completion of the registration process, your business will have access to business credit reports every 2 weeks covering many of the following data elements:

      • Defaults (Adverse Information)
        • A default consists of negative payment behaviour data submitted by TransUnion business clients. This report update should prompt the client to take immediate action to collect debt or prompt further investigations into the account.
      • Affiliations
        • Affiliations are businesses that are connected or linked to one another and updated on the business credit report every time an affiliation is added or removed.
      • Judgements
        • A judgement is a court order for a business to pay a debt. This update on the business credit report would prompt the client to take immediate action to collect debt.
      • Notarial Bonds / Notices
        • A notice provides vital information on issues such as company provisional or final liquidation. A notice update on your business credit report can also provide information on notarial bonds.
      • Business Status
        • The business status indicates the current registered status of the business as supplied by the registrar. A business status is updated on your business credit report when a change in business status occurred, regardless of what the current and previous status is or was.
      • Business Enquiries
        • A business enquiry is a footprint created when a subscriber does an enquiry on an entity.
      • Business Disputes
        • A business dispute is created when an entity disputes any information displayed on their business profile.
      • Principal Movement
        • A principal movement is updated on your business credit report when a principal status changes to resignation, deceased or change of title.
      • Business Deeds Seller
        • A business deed is a property owned by the entity in question and is displayed on their personal profile. This update on your credit profile report indicates property that was sold by the business.
      • Business Deeds Buyer
        • A business deed is a property owned by the entity in question and is displayed on their personal profile. This update on your credit report indicates property that was purchased by the business.
  7. Why does TransUnion require documentation from me when I try to subscribe to the free TrueIdentity service I received due to my personal or business information being impacted?

    • If you have registered with TransUnion before, you will be required to enter your username and password to access the TrueIdentity payment screen, where you will be prompted to enter your unique voucher code included in our message to you.
    • If you are a first-time user, you will need to register with TransUnion. As part of this process, you will be asked to:
      • Provide limited personal information
      • Verify your identity via knowledge-based authentication
      • Enter the unique voucher information included in our message to you on the payment page for the product
    • The purpose of entering the limited personal information and completing the knowledge-based authentication is to verify your identity, in order to ensure we are only giving your credit information to you. You will not be asked to provide any information that we do not already store on your credit profile.
  8. How do I know that the text or email I received about this incident is genuinely from TransUnion?

    • Where contact information was available, we directly contacted the individuals and businesses who were known to be impacted to provide information on how they can protect themselves, including free subscriptions to our identity protection products, which help detect identity-related and business-related threats. For consumers, this includes free access to their personal credit reports and alerts up to 31 December 2023, and for businesses, this includes free access to their business credit reports up to 31 December 2023.
    • As part of this outreach, you may have received an email or text from TransUnion South Africa with information on signing up for these services. The email message notes that, if you are a first-time user of TransUnion services, you may be asked to provide limited information to verify that we are only giving your personal or business credit information back to you.
    • The messages from TransUnion South Africa only direct you to pages on the www.transunion.co.za site. If you receive a message that asks you to provide personal or business information directly to the sender, or that directs you to a website other than the www.transunion.co.za site, it may be a fraud attempt.
    • As always, please be vigilant of phishing attacks and remember that a TransUnion representative will never ask for your or your business’s banking details, bank PIN or user login password.
  9. I received the same notification as a friend/colleague/family member, but the link to the TransUnion website differs from theirs. I am confused and unsure which one is authentic. Why did I receive a different URL?

    • The protection of affected individuals and businesses is a top priority, and we remain committed to assisting anyone whose information may have been illegally accessed from TransUnion South Africa.
    • It’s important to be vigilant about clicking on any links, which is why we recommend you type the web address into your browser, so you know you’re accessing the valid TransUnion South Africa website.
    • We have listened to consumer requests asking for a shorter link to type into their browsers.
    • Therefore, we have shortened the www.transunion.co.za/customer-support/faq link to https://www.transunion.co.za/faq.
    • Both these links are authentic and will direct you to the TransUnion South Africa website for more information on the cyber incident.
  10. I received a message from TransUnion Identity Monitor stating my personal information has been discovered on the dark web. What does this mean, why did I receive it, and what should I do?

    • You would have received this notification because you are subscribed to a TransUnion identity protection monitoring service (TrueCredit or TrueIdentity) and the product has discovered that some of your personal information is available on the dark web (parts of the web only accessible through anonymous browser networks).
    • When you activate ID Monitor with TrueIdentity, your information is securely registered for daily scans of the web. Scanning is done not only on the familiar parts of the web but also in those parts not indexed by major search engines, and across the dark web. Powered by machine learning and a partnership with leading dark web monitoring specialists, the TransUnion dark web monitoring solution interprets 25+ billion credential stories to help consumers take informed action.
    • The scanning is done against personal details such as names, addresses, contact numbers, email addresses and medical aid details. Should a hit be encountered in the scanning process, an alert is sent to you via email or SMS.
    • This is an example of the SMS alert notification you could receive:
      TransUnion SMS Alert Notification Example
    • TrueIdentity scans for any instance of your personal information on the dark web and these alerts are not necessarily related to the recent TransUnion cyber incident.
    • A criminal third party aggregated and released some data allegedly obtained from TransUnion South Africa with other sources of data, including at least 54 million records unrelated to TransUnion from data breaches dating back to 2017.
    • South Africa has seen a significant increase in cyber-attacks recently, and it’s possible that your information may be on the dark web via other sources or cyber incidents unrelated to TransUnion that you were not previously aware of.
    • Please log on to the web portal at transunion.co.za to get more details around the specifics of the alert.
    • We would encourage you or your business, as a precaution, to follow these security recommendations:

      • Do not disclose personal or business information such as passwords and PINs when asked to do so by anyone via phone, fax, text messages or even email.
      • Change your passwords regularly and never share these with anyone else.
      • Verify all requests for personal information and only provide it when there is a legitimate reason to do so.
      • Perform frequent anti-virus and malware scans on your personal / business computer(s) and mobile device(s), using software that is up to date.
      • Do not click on any suspicious links.
    • If you are notified (or suspect) that your personal information might be compromised, you have the option to register your details with the South African Fraud Prevention Services database. For more details visit www.safps.org.za.
    • As always, please be vigilant of phishing attacks and remember that a TransUnion representative will never ask for your or your business’s banking details, bank PIN or user login password.
  11. I have received multiple alerts from TransUnion since the cyber incident and signing up to TrueIdentity. I am confused as some are credit alerts and others dark web alerts. What is the difference, and should I be concerned?

    • What are Credit Report Alerts?
      • A credit report alert will specify changes that have occurred on your credit profile. These alerts will indicate changes including:

        • If an enquiry is undertaken on your profile: Enquiries are undertaken when you approach a credit or service provider for services such as a new credit line, a telephone contract, an insurance policy or a credit limit increase. Should an enquiry appear on your profile that you did not apply for, you should dispute it through the TransUnion dispute process.
        • When a new account is opened: A new account (or a payment profile) is an indication from a credit or service provider that you have an account with them. Should a new account be loaded to your profile that you have not applied for, this can be an indicator of identity theft and you can dispute this through the TransUnion dispute process.
        • A judgment or default is loaded on your profile: Judgments and defaults are loaded against your profile should you default on your payments. Should a judgment or default be loaded to your profile that you are in disagreement with, you can dispute this through the TransUnion dispute process.
      • Alerts will be sent via email or SMS and you can log into your TrueIdentity dashboard to get more information on the alert.
    • What are Dark Web Alerts?
      • A dark web alert is different to a credit report alert. It is an alert where your identity, personal and/or financial information is found on what is known as the dark web. These alerts are most often linked to data contained in data breaches that hackers have exposed on the internet.
      • Once you register for TrueIdentity, you can choose which information you want to be monitored for on the dark web. This data is then scanned on a daily basis.
      • Subject to what personal information you submit when registering for TrueIdentity, the scanning can be done against personal details such as names, addresses, contact numbers, email addresses, ID numbers and passports, bank accounts and medical aid details. Should your information be detected on the dark web through the scanning process, an alert is sent to you via email or SMS.
      • By logging into your TrueIdentity dashboard, the details of your alert can be viewed and better understood.
      • These alerts help you to take mitigating actions such as changing passwords, registering your ID on the South African Fraud Prevention Services database, or notifying your bank or service provider about the potential risk.
      • For further information or clarity please visit https://www.transunion.co.za/product/trueidentity or https://www.transunion.co.za/product/truecredit.
  12. What is the dark web?

    • The part of the web accessible through search engines and used for everyday activities is known among researchers as the surface web.
    • Anything beyond that is defined as the deep web. The dark component of the deep web is the primary highway for the exchange and commerce among cybercriminal groups. Ultimately, the dark web is only accessible through anonymous browser networks and serves in part as a marketplace selling personal information stolen from many sources.
  13. If I receive a suspicious message from someone claiming to have my data and trying to access my bank account, what should I do?

    • We are aware that an unknown third party claiming to be to be @N4ughtySec may be contacting individuals regarding access to their data.
    • Access to personal or business information can create opportunities for criminals to impersonate you or your business but does not guarantee access to your banking profile or accounts.
    • However, criminals can use this information to trick you or your employees into disclosing your confidential banking details. This could potentially be used by third parties in various ways to commit fraudulent scams, such as application fraud or the changing of banking details via an email compromise.
    • Please be vigilant of phishing attacks and remember TransUnion representatives will never ask for you or your businesses banking details, bank PIN or user login password.
    • If you believe your bank account is at risk, we recommend that you contact your bank in the first instance.
    • If TransUnion offers you a free subscription to identity protection tools because your information was affected, sign up for this free service and pay close attention to the alerts, as they can help you quickly identify any unauthorised activity.
    • If you are notified (or suspect) that your personal information might be compromised, you have the option to register your details with the South African Fraud Prevention Services database. For more details visit www.safps.org.za.
    • Regularly reviewing your credit report is a great way to check your credit data, and guard against identity theft and financial fraud. Consumers can access their TransUnion credit report for free at https://www.transunion.co.za/product/annual-free-credit-report.
  14. I have recently had fraud on my account. Is this due to the TransUnion cyber-attack?

    • We are aware that a criminal third party has aggregated and released some data allegedly obtained from TransUnion South Africa with other sources of data, including at least 54 million records unrelated to TransUnion from data breaches dating back to 2017.
    • Where contact information was available, TransUnion directly contacted by email or text the individuals and businesses whose information were known to have been illegally accessed from TransUnion South Africa.
    • TransUnion South Africa has provided information on how affected individuals and businesses can protect themselves, including free subscriptions to our identity protection products, which help detect identity-related and business-related threats. For consumers, this includes free access to their personal credit reports and alerts up to 31 December 2023, and for businesses, this includes free access to their business credit reports up to 31 December 2023.
    • It can be difficult to connect fraud to any specific cyber attack. South Africa has seen a significant increase in cyber-attacks recently, and it’s possible that your information may have been compromised via other sources or cyber incidents unrelated to TransUnion.
    • If you did not receive an email or text notification from TransUnion, fraudulent activity is likely not related to the recent TransUnion cyber incident.

Return to top

2. How do I log a dispute to correct information on my credit report?

You can log a dispute online by following these steps:

  1. Go to www.transunion.co.za.
  2. Click on “Member Login” in the top right corner of the page.
  3. Log in with your username and password (or, if you haven’t registered yet, do so with our quick, click-through process).
  4. Enter the 4-digit OTP we send to your mobile number.
  5. When you see the TransUnion Dashboard, click on the “Free product” tab if you don’t have a paid subscription with us.
  6. View your report and click on the expandable tabs for more information.
  7. If don’t agree with the information on the report, click the “Dispute/Query” button.
  8. Choose your reason for logging a dispute or query. You may need to upload documents to support the dispute (these should be under 5MB).
  9. Click on the line item you’re disputing and you’ll get a message stating your dispute or query has been logged successfully.

You can track the progress of you dispute or query by clicking the “Dispute summary” tab on your dashboard.
You can call 0861 484 482 and select option 2 to log a dispute.

Return to top

3. Why is my credit score low?

  • A credit score is a number reflecting how well you manage your credit. A TransUnion Consumer Credit Score, for example, can range from 0 (poor) to 999 (excellent).
  • Generally, the higher your score the better. A higher score indicates a healthy credit report with a good mix of current credit.
  • Your credit score is based on a formula that evaluates:
    • How well or poorly you pay your bills
    • How much debt you have
    • Where your debt is (e.g., banks or retail stores)
  • All the credit information in your credit report is used to calculate your credit score. This includes:
    • Payment history: How you manage your accounts; are you paying the right amounts at the right times?
    • Debt: How much do you currently owe, and how are you using the credit you have?
    • Adverse listing: Do you have defaults or judgments against you?
    • Length of credit history: How long have each of your accounts been open?
    • Account application: How many accounts have you opened in the past 24 months?
    • Enquiry history: How many times have banks or lending companies asked for your credit report in the past 12 months?
  • The information in your credit report is used by most credit and service providers to build their own credit risk score. When you apply for credit, they use this score (plus other information) to assess your application. They may also look at your employment history, income and affordability, and the type of credit you’re applying for.
    The scorecard we provide consumers is an educational scorecard and not a lender-based scorecard, which a lender uses to decide whether to extend credit. It can include elements of your credit report, your employment history, income and affordability, and the type of credit you’re applying for. Different lenders may use different scorecards.
    Lenders do not have sight of the score that appears on a consumer report.
  • A poor or below-average score means you have some work to do to improve your credit risk rating. It could also indicate a problem with some information in your credit report which you need to investigate (and possibly challenge) before applying for that all-important loan.

Return to top

4. Does a good TransUnion score ensure I’ll get credit from a lending institution?

It will help, but it’s not a guarantee.

For example, if you’re applying for a loan to buy a home or car, or an increase in your credit limit, your credit score can serve as a guide to lenders. It’s one of many factors they’ll consider when making a decision. Also, different lenders use different factors to assess credit applications.

If you have a good (high) credit score, it means your credit report has information that shows you’re low risk and more likely to meet the repayment terms. You tend to be seen as a reliable borrower who will repay credit on time, which makes you more appealing to lenders. A good credit score means your application is more apt to be accepted, but it’s not a sure thing.

TransUnion is not responsible for the decisions lenders make based on your credit score.

Return to top

5. How do I get my credit report?

There are two credit reports available to you:

Return to top

6. Why are my personal details wrong on my credit report?

TransUnion gets the information used in your credit report from different institutions. It’s up to you to make sure your contact details are correct. If they aren’t, use te Dispute/Query option to ask us to update them: [see point 1 for this process]

Return to top




General FAQs

Return to top

What does a payment holiday mean?

A payment holiday is an agreement between you and your lender allowing you to temporarily stop or reduce your monthly repayments on an existing credit agreement. Lenders have different approaches to payment holidays so please speak to your lender about what’s available to you, the implications, as well how you should go about applying.

Return to top

What payments qualify for payment holidays

Lenders have different approaches to payment holidays ranging from reduced monthly payments, deferred full payments through to extending the number of installments (the term) on the original credit agreement. Please speak to your lender about their payment holiday approach, which of your payments qualify, the implications for you as well as how you go about applying.

Return to top

How long do payment holidays last for?

Lenders have different approaches to payment holidays. Please speak to your lender about their payment holiday approach, including the duration options on offer.

Return to top

How do I apply for a payment holiday?

Lenders have different approaches to payment holidays. Please speak to your lender for more information on the application process that you should follow.

Return to top

What does a payment holiday mean for my credit score?

A payment holiday is intended to assist consumers in preventing them from defaulting. Should you be granted a payment holiday, your lender will provide the credit bureau with the appropriate information to correctly identify your payment holidays against your specific accounts. This information is taken into consideration when reviewing your credit score. It is important to note that lenders make lending decisions on additional assessments over and above your credit score when granting new credit or extending credit limits.

Return to top

How will a payment holiday reflect on my credit report?

As long as a deferred payment date (which will be future date) is supplied by your lender to the credit bureau, your account will reflect as updated until such time the payment becomes due and payable. The deferred payment date will reflect on your credit report for each account that is deferred or where the term is extended. Please obtain your latest credit report from transunion.co.za

Return to top

What should I do if I can’t honour my payments?

You should immediately contact your lender to make an alternate arrangement with them. Proactively managing your obligations to lenders will allow you improve and sustain your overall financial health.

Return to top

What happens if I don’t make the full payment, but pay a portion of it?

In order for the reduced payments to not reflect negatively on your credit report, you need to make sure that you follow the proper application process with your specific lender. The lender will then submit this information to the bureau to update on your profile showing that you are on a payment holiday.

Return to top

Can I claim against insurance if I am unable to make my installments?

Most lenders require you to take out credit life insurance when you apply for credit. Check your specific insurance policy to see if your specific policy allows you to claim.

Return to top

What happens if I have a dispute during the lockdown period?

The credit bureau dispute teams continue to operate and you can still log your dispute online. Disputes will still be managed within the current 20 business day resolution timeline, however due to not all businesses operating during the lockdown this may allow for updates past this period.

Return to top

Can I still access my credit report during the lockdown period?

During this Covid-19 lockdown, all credit bureaus are providing consumers with free access to their credit report. Please access your free annual credit report.

Return to top

How can I protect my credit health?

We understand that you may be facing some tough financial choices right now. We encourage you to pay what you can to avoid late payments on your credit report. If you can’t make minimum payments, we recommend you talk with your lenders to find out if they’re offering any assistance. Please access your free annual credit report, so that you can better under your current financial health.

Return to top

What is a Credit Report?

Your credit report is a record of your credit activity and credit history. It includes the names of companies that have extended you credit and/or loans, as well as the credit limits and loan amounts. Your payment history is also part of this record and can show how you positively manage your accounts. If you have delinquent accounts, are under debt counseling or administration, or you have been sequestrated, these can also be found in your credit report.

Return to top

What does COVID-19 mean for my credit score and credit report?

We understand that you may be facing some tough financial choices right now. We encourage you to pay what you can to avoid late payments on your credit report. If you can’t make minimum payments, we recommend you talk with your lender to find out if they’re offering any assistance. Please access your free annual credit report, so that you can better under your current financial health.

Return to top

What does the national lockdown mean for my credit score and credit report?

Banks and other financial institutions are classified as essential services and continue to operate during this period. Talk to your lender to understand what options they have available to assist you. TransUnion will also continue to provide consumers with their credit reports during this period to help you understand your financial position. Please access your free annual credit report, so that you can better under your current financial health.

Return to top

What does the corona virus mean for my credit score and credit report?

Just like your physical health, your financial health is key. Away try to pay what you can to avoid late payments on your credit report. If you can’t make minimum payments, we recommend you talk with your lenders to find out if they’re offering any assistance. Please access your free annual credit report, so that you can better under your current financial health.

Return to top

What should I do to protect my credit score during the lockdown?

We understand that this is a very uncertain time for everyone. You should however always try to pay what you can to avoid late payments on your credit report. If you can’t make minimum payments, we recommend you talk with your lender as soon as possible to find out if they’re offering any assistance and how that can benefit you. Please access your free annual credit report, so that you can better under your current financial health.

Return to top

I am worried that the Covid-19 lockdown is going to affect my ability to earn and income. What should I do to protect my credit score?

We understand that you may be facing some tough financial choices right now. We encourage you to pay what you can to avoid late payments on your credit report. If you can’t make minimum payments, we recommend you talk with your employer and your lender to find out if they’re offering any assistance. Most lenders also require you to take out credit life insurance when you apply for credit. Check you have insurance as well as what your specific policy allows you to claim for.

Return to top