Top 6 FAQs

• Update: South African Cyber Incident
• How do I log a dispute to correct information on my credit report?
• Why is my credit score low?
• Does a good TransUnion score ensure I’ll get credit from a lending institution?
• How do I get my credit report?
• Why are my personal details wrong on my credit report?

1. Update: South African Cyber Incident

1. What type and volume of data was affected by this incident?

   • A criminal third party aggregated and released samples of data allegedly obtained from TransUnion South Africa with other sources of data, including at least 54 million records unrelated to TransUnion from data breaches dating back to 2017.
   • With the help of outside experts, we reviewed this data as quickly as we were able to safely access it.
   • Based on our investigation, we can confirm the incident impacted an isolated server holding limited data from our South African business.
   • The investigation has shown data relating to 5 million consumers was potentially affected by the incident and may have included the following fields of information: name, ID number, date of birth, gender, telephone number, email address, address, marital status and information, identity of employer and duration of employment, vehicle finance contract number, and VIN (Vehicle Identification Numbers) numbers. In isolated circumstances, spouse information, passport numbers, credit or insurance scores may have been affected. Each consumer may have had a different combination of fields affected, depending on what data was available.
   • For businesses, a total of 600,000 organisations were potentially affected by the incident. Fields of information that were potentially affected may have included company registration number, TransUnion business reference number, business name, business type (public, sole proprietor, etc.), business address, business contact number, email address, business credit scores, industry sector classification code and description, principal ID number, principal name and surname, and principal position (director, trustee, representative, member, etc.). Each business may have a combination of different fields impacted, depending on what data was available.
   • The investigation also indicated an additional 5.2 million consumers having had their ID numbers affected with no personal information linked to the ID number. We have notified the majority of these consumers where we were able to identify contact details.

2. Was my or my business’s data affected?

   • Where contact information was available, TransUnion directly contacted by email or text the individuals and businesses who were known to be potentially impacted.
   • TransUnion South Africa has provided information on how affected individuals and businesses can protect themselves, including free subscriptions to TransUnion’s tools to detect identity-related and business-related threats, which includes free access to their personal or business credit reports up to 31 December 2023.

3. What are you doing to notify and assist people and organisations whose data is affected?

   • Where contact information was available, TransUnion directly contacted by email or text the individuals and businesses who were known to be potentially impacted.
   • Over and above the direct notifications, we have published notifications of the security compromise on radio stations, newspapers and via social media channels broadcasting in each official language and covering all 9 provinces in South Africa. If anyone was uncertain of a communication that appeared to come from TransUnion, we recommended visiting our website by typing in the following web address: https://www.transunion.co.za/faq.
   • TransUnion South Africa has provided on how affected individuals and businesses can protect themselves, including free subscriptions to our identity protection products, which help detect identity-related and business-related threats. For consumers, this includes free access to their personal credit reports and alerts up to 31 December 2023, and for businesses, this includes free access to their business credit reports up to 31 December 2023.
     • For consumers: TransUnion is offering an annual subscription of TrueIdentity free of charge. TrueIdentity gives people the information and tools to detect identity-related threats and if need be, a way to get help to recover from them. When the free one-year subscription to TrueIdentity lapses, we will provide affected individuals with a free ongoing TrueCredit subscription until 31 December 2023. TrueCredit provides credit monitoring and credit alerts as well as monthly credit reports.
     • For businesses: TransUnion is offering a subscription of Business Credit Reports every 2 weeks free of charge until 31 December 2023. This tool will provide awareness of changes to the credit profile of your business and allow you to mitigate against unsolicited business engagements using your company details.

4. What steps can I take to make sure I’m not (or my business is not) a victim of fraud?

   • Access to personal or business information can create opportunities for criminals to impersonate you or your business but does not guarantee access to your / your business’s banking profile or accounts.
   • We would encourage you or your business, as a precaution, to follow these security recommendations:
     
     
     • Do not disclose personal or business information such as passwords and PINs when asked to do so by anyone via phone, fax, text messages or even email.
     • Change your passwords regularly and never share these with anyone else.
     • Verify all requests for personal information and only provide it when there is a legitimate reason to do so.
     • Perform frequent anti-virus and malware scans on your personal / business computer(s) and mobile device(s), using software that is up to date.
     • Do not click on any suspicious links.
   • Regularly reviewing your credit report serves as a great way to check your credit data as reported to TransUnion, and guard against identity theft and financial fraud. Consumers can access their TransUnion credit report for free at https://www.transunion.co.za/product/annual-free-credit-report.
   • If you are notified (or suspect) that your personal information might be compromised, you have the option to register your details with the South African Fraud Prevention Services database. For more details visit www.safps.org.za.
   • If TransUnion offers you a free subscription to identity protection tools because your information was affected, sign up for this free service and pay close attention to the alerts, as they can help you quickly identify any unauthorised activity.
   • As always, please be vigilant of phishing attacks and remember that a TransUnion representative will never ask for your or your business’s banking details, bank PIN or user login password.

5. If my TransUnion data was affected, how do I subscribe to the free one-year subscription to TrueIdentity?

   • To activate your free subscription to the TrueIdentity service, please visit https://www.transunion.co.za/product/trueidentity.
   • If you have registered with TransUnion before, you will be required to enter your username and password to access the TrueIdentity payment screen, where you will be prompted to enter your unique voucher code included in our message to you.
   • If you are a first-time user, you will need to register with TransUnion. As part of this process, you will be asked to:
     
     
     • Provide limited personal information
     • Verify your identity via knowledge-based authentication
     • Enter the unique voucher information included in our message to you on the payment page for the product.
   • The purpose of entering the limited personal information and completing the knowledge-based authentication is to verify your identity, in order to ensure we are only giving your credit information to you. You will not be asked to provide any information that we do not already store on your credit profile.
   • Click here to access a user guide to assist you through this process.
   • Upon completion of the registration process, you will have access to the following features:
     
     
     • ID Monitor
       • Dark web monitoring to provide monitoring of surface, social, deep and dark websites for potentially exposed personal, identity and financial information in order to help protect consumers against identity theft.
     • ID Restore
       • An extensive restitution service which will include the assignment of a forensic investigator and obtaining of resolution letters.
     • ID Recover
       • Theft coverage of up to R100K to protect against potential damages related to identity theft and fraud.
     • Credit Report PLUS Alerts and Score
       • Get unlimited access to your full credit report and score and receive credit alerts when critical changes such an enquiry or negative update occurs on your TransUnion credit report. Make use of our value-added tools such as Debt Analysis and Score Reasons to gain more insights into your credit status.

6. If my business’s TransUnion data was affected, how do I subscribe to the free subscription to the Business Credit Alerts and Reports Service which has been offered until December 2023?

   • To activate your free subscription to the Reports service, please respond with the required verification documents on your business to [email protected] or alternatively proceed to contact us via 0861 482 482 where one of our reps will gladly assist you in registering for the service.
   • If this is your business’s first-time user experience, you will need to register your business with TransUnion. As part of this process, you will be asked to:
     
     
     1. Provide your CIPC registration Documents.
     2. Resolution of Directors to enroll for the service.
     3. Authenticate yourself as the applicant as a valid employee/representative of the business.
   • The purpose of entering the limited personal information and completing the knowledge-based authentication is to verify your identity, in order to ensure we are only giving your credit information to you. You will not be asked to provide any information that we do not already store on your business’s credit profile.
   • Upon completion of the registration process, your business will have access to business credit reports every 2 weeks covering many of the following data elements:
     
     
     • Defaults (Adverse Information)
       • A default consists of negative payment behaviour data submitted by TransUnion business clients. This report update should prompt the client to take immediate action to collect debt or prompt further investigations into the account.
     • Affiliations
       • Affiliations are businesses that are connected or linked to one another and updated on the business credit report every time an affiliation is added or removed.
     • Judgements
       • A judgement is a court order for a business to pay a debt. This update on the business credit report would prompt the client to take immediate action to collect debt.
     • Notarial Bonds / Notices
       • A notice provides vital information on issues such as company provisional or final liquidation. A notice update on your business credit report can also provide information on notarial bonds.
     • Business Status
       • The business status indicates the current registered status of the business as supplied by the registrar. A business status is updated on your business credit report when a change in business status occurred, regardless of what the current and previous status is or was.
     • Business Enquiries
       • A business enquiry is a footprint created when a subscriber does an enquiry on an entity.
     • Business Disputes
       • A business dispute is created when an entity disputes any information displayed on their business profile.
     • Principal Movement
       • A principal movement is updated on your business credit report when a principal status changes to resignation, deceased or change of title.
     • Business Deeds Seller
       • A business deed is a property owned by the entity in question and is displayed on their personal profile. This update on your credit profile report indicates property that was sold by the business.
     • Business Deeds Buyer
       • A business deed is a property owned by the entity in question and is displayed on their personal profile. This update on your credit report indicates property that was purchased by the business.

7. Why does TransUnion require documentation from me when I try to subscribe to the free TrueIdentity service I received due to my personal or business information being impacted?

   • If you have registered with TransUnion before, you will be required to enter your username and password to access the TrueIdentity payment screen, where you will be prompted to enter your unique voucher code included in our message to you.
   • If you are a first-time user, you will need to register with TransUnion. As part of this process, you will be asked to:
     • Provide limited personal information
     • Verify your identity via knowledge-based authentication
     • Enter the unique voucher information included in our message to you on the payment page for the product
   • The purpose of entering the limited personal information and completing the knowledge-based authentication is to verify your identity, in order to ensure we are only giving your credit information to you. You will not be asked to provide any information that we do not already store on your credit profile.

8. How do I know that the text or email I received about this incident is genuinely from TransUnion?

   • Where contact information was available, we directly contacted the individuals and businesses who were known to be impacted to provide information on how they can protect themselves, including free subscriptions to our identity protection products, which help detect identity-related and business-related threats. For consumers, this includes free access to their personal credit reports and alerts up to 31 December 2023, and for businesses, this includes free access to their business credit reports up to 31 December 2023.
   • As part of this outreach, you may have received an email or text from TransUnion South Africa with information on signing up for these services. The email message notes that, if you are a first-time user of TransUnion services, you may be asked to provide limited information to verify that we are only giving your personal or business credit information back to you.
   • The messages from TransUnion South Africa only direct you to pages on the www.transunion.co.za site. If you receive a message that asks you to provide personal or business information directly to the sender, or that directs you to a website other than the www.transunion.co.za site, it may be a fraud attempt.
   • As always, please be vigilant of phishing attacks and remember that a TransUnion representative will never ask for your or your business’s banking details, bank PIN or user login password.

9. I received the same notification as a friend/colleague/family member, but the link to the TransUnion website differs from theirs. I am confused and unsure which one is authentic. Why did I receive a different URL?

   • The protection of affected individuals and businesses is a top priority, and we remain committed to assisting anyone whose information may have been illegally accessed from TransUnion South Africa.
   • It’s important to be vigilant about clicking on any links, which is why we recommend you type the web address into your browser, so you know you’re accessing the valid TransUnion South Africa website.
   • We have listened to consumer requests asking for a shorter link to type into their browsers.
   • Therefore, we have shortened the www.transunion.co.za/customer-support/faq link to https://www.transunion.co.za/faq.
   • Both these links are authentic and will direct you to the TransUnion South Africa website for more information on the cyber incident.

10. I received a message from TransUnion Identity Monitor stating my personal information has been discovered on the dark web. What does this mean, why did I receive it, and what should I do?

    • You would have received this notification because you are subscribed to a TransUnion identity protection monitoring service (TrueCredit or TrueIdentity) and the product has discovered that some of your personal information is available on the dark web (parts of the web only accessible through anonymous browser networks).
    • When you activate ID Monitor with TrueIdentity, your information is securely registered for daily scans of the web. Scanning is done not only on the familiar parts of the web but also in those parts not indexed by major search engines, and across the dark web. Powered by machine learning and a partnership with leading dark web monitoring specialists, the TransUnion dark web monitoring solution interprets 25+ billion credential stories to help consumers take informed action.
    • The scanning is done against personal details such as names, addresses, contact numbers, email addresses and medical aid details. Should a hit be encountered in the scanning process, an alert is sent to you via email or SMS.
    • This is an example of the SMS alert notification you could receive:
      
    • TrueIdentity scans for any instance of your personal information on the dark web and these alerts are not necessarily related to the recent TransUnion cyber incident.
    • A criminal third party aggregated and released some data allegedly obtained from TransUnion South Africa with other sources of data, including at least 54 million records unrelated to TransUnion from data breaches dating back to 2017.
    • South Africa has seen a significant increase in cyber-attacks recently, and it’s possible that your information may be on the dark web via other sources or cyber incidents unrelated to TransUnion that you were not previously aware of.
    • Please log on to the web portal at transunion.co.za to get more details around the specifics of the alert.
    • We would encourage you or your business, as a precaution, to follow these security recommendations:
      
      
      • Do not disclose personal or business information such as passwords and PINs when asked to do so by anyone via phone, fax, text messages or even email.
      • Change your passwords regularly and never share these with anyone else.
      • Verify all requests for personal information and only provide it when there is a legitimate reason to do so.
      • Perform frequent anti-virus and malware scans on your personal / business computer(s) and mobile device(s), using software that is up to date.
      • Do not click on any suspicious links.
    • If you are notified (or suspect) that your personal information might be compromised, you have the option to register your details with the South African Fraud Prevention Services database. For more details visit www.safps.org.za.
    • As always, please be vigilant of phishing attacks and remember that a TransUnion representative will never ask for your or your business’s banking details, bank PIN or user login password.

11. I have received multiple alerts from TransUnion since the cyber incident and signing up to TrueIdentity. I am confused as some are credit alerts and others dark web alerts. What is the difference, and should I be concerned?

    • What are Credit Report Alerts?
      • A credit report alert will specify changes that have occurred on your credit profile. These alerts will indicate changes including:
        
        
        • If an enquiry is undertaken on your profile: Enquiries are undertaken when you approach a credit or service provider for services such as a new credit line, a telephone contract, an insurance policy or a credit limit increase. Should an enquiry appear on your profile that you did not apply for, you should dispute it through the TransUnion dispute process.
        • When a new account is opened: A new account (or a payment profile) is an indication from a credit or service provider that you have an account with them. Should a new account be loaded to your profile that you have not applied for, this can be an indicator of identity theft and you can dispute this through the TransUnion dispute process.
        • A judgment or default is loaded on your profile: Judgments and defaults are loaded against your profile should you default on your payments. Should a judgment or default be loaded to your profile that you are in disagreement with, you can dispute this through the TransUnion dispute process.
      • Alerts will be sent via email or SMS and you can log into your TrueIdentity dashboard to get more information on the alert.
    • What are Dark Web Alerts?
      • A dark web alert is different to a credit report alert. It is an alert where your identity, personal and/or financial information is found on what is known as the dark web. These alerts are most often linked to data contained in data breaches that hackers have exposed on the internet.
      • Once you register for TrueIdentity, you can choose which information you want to be monitored for on the dark web. This data is then scanned on a daily basis.
      • Subject to what personal information you submit when registering for TrueIdentity, the scanning can be done against personal details such as names, addresses, contact numbers, email addresses, ID numbers and passports, bank accounts and medical aid details. Should your information be detected on the dark web through the scanning process, an alert is sent to you via email or SMS.
      • By logging into your TrueIdentity dashboard, the details of your alert can be viewed and better understood.
      • These alerts help you to take mitigating actions such as changing passwords, registering your ID on the South African Fraud Prevention Services database, or notifying your bank or service provider about the potential risk.
      • For further information or clarity please visit https://www.transunion.co.za/product/trueidentity or https://www.transunion.co.za/product/truecredit.

12. What is the dark web?

    • The part of the web accessible through search engines and used for everyday activities is known among researchers as the surface web.
    • Anything beyond that is defined as the deep web. The dark component of the deep web is the primary highway for the exchange and commerce among cybercriminal groups. Ultimately, the dark web is only accessible through anonymous browser networks and serves in part as a marketplace selling personal information stolen from many sources.

13. If I receive a suspicious message from someone claiming to have my data and trying to access my bank account, what should I do?

    • We are aware that an unknown third party claiming to be to be @N4ughtySec may be contacting individuals regarding access to their data.
    • Access to personal or business information can create opportunities for criminals to impersonate you or your business but does not guarantee access to your banking profile or accounts.
    • However, criminals can use this information to trick you or your employees into disclosing your confidential banking details. This could potentially be used by third parties in various ways to commit fraudulent scams, such as application fraud or the changing of banking details via an email compromise.
    • Please be vigilant of phishing attacks and remember TransUnion representatives will never ask for you or your businesses banking details, bank PIN or user login password.
    • If you believe your bank account is at risk, we recommend that you contact your bank in the first instance.
    • If TransUnion offers you a free subscription to identity protection tools because your information was affected, sign up for this free service and pay close attention to the alerts, as they can help you quickly identify any unauthorised activity.
    • If you are notified (or suspect) that your personal information might be compromised, you have the option to register your details with the South African Fraud Prevention Services database. For more details visit www.safps.org.za.
    • Regularly reviewing your credit report is a great way to check your credit data, and guard against identity theft and financial fraud. Consumers can access their TransUnion credit report for free at https://www.transunion.co.za/product/annual-free-credit-report.

14. I have recently had fraud on my account. Is this due to the TransUnion cyber-attack?

    • We are aware that a criminal third party has aggregated and released some data allegedly obtained from TransUnion South Africa with other sources of data, including at least 54 million records unrelated to TransUnion from data breaches dating back to 2017.
    • Where contact information was available, TransUnion directly contacted by email or text the individuals and businesses whose information were known to have been illegally accessed from TransUnion South Africa.
    • TransUnion South Africa has provided information on how affected individuals and businesses can protect themselves, including free subscriptions to our identity protection products, which help detect identity-related and business-related threats. For consumers, this includes free access to their personal credit reports and alerts up to 31 December 2023, and for businesses, this includes free access to their business credit reports up to 31 December 2023.
    • It can be difficult to connect fraud to any specific cyber attack. South Africa has seen a significant increase in cyber-attacks recently, and it’s possible that your information may have been compromised via other sources or cyber incidents unrelated to TransUnion.
    • If you did not receive an email or text notification from TransUnion, fraudulent activity is likely not related to the recent TransUnion cyber incident.

Return to top

2. How do I log a dispute to correct information on my credit report?

You can log a dispute online by following these steps:

1. Go to www.transunion.co.za.
2. Click on “Member Login” in the top right corner of the page.
3. Log in with your username and password (or, if you haven’t registered yet, do so with our quick, click-through process).
4. Enter the 4-digit OTP we send to your mobile number.
5. When you see the TransUnion Dashboard, click on the “Free product” tab if you don’t have a paid subscription with us.
6. View your report and click on the expandable tabs for more information.
7. If don’t agree with the information on the report, click the “Dispute/Query” button.
8. Choose your reason for logging a dispute or query. You may need to upload documents to support the dispute (these should be under 5MB).
9. Click on the line item you’re disputing and you’ll get a message stating your dispute or query has been logged successfully.

You can track the progress of you dispute or query by clicking the “Dispute summary” tab on your dashboard.
You can call 0861 484 482 and select option 2 to log a dispute.

Return to top

3. Why is my credit score low?

• A credit score is a number reflecting how well you manage your credit. A TransUnion Consumer Credit Score, for example, can range from 0 (poor) to 999 (excellent).
• Generally, the higher your score the better. A higher score indicates a healthy credit report with a good mix of current credit.
• Your credit score is based on a formula that evaluates:
  • How well or poorly you pay your bills
  • How much debt you have
  • Where your debt is (e.g., banks or retail stores)
• All the credit information in your credit report is used to calculate your credit score. This includes:
  • Payment history: How you manage your accounts; are you paying the right amounts at the right times?
  • Debt: How much do you currently owe, and how are you using the credit you have?
  • Adverse listing: Do you have defaults or judgments against you?
  • Length of credit history: How long have each of your accounts been open?
  • Account application: How many accounts have you opened in the past 24 months?
  • Enquiry history: How many times have banks or lending companies asked for your credit report in the past 12 months?
• The information in your credit report is used by most credit and service providers to build their own credit risk score. When you apply for credit, they use this score (plus other information) to assess your application. They may also look at your employment history, income and affordability, and the type of credit you’re applying for.
  The scorecard we provide consumers is an educational scorecard and not a lender-based scorecard, which a lender uses to decide whether to extend credit. It can include elements of your credit report, your employment history, income and affordability, and the type of credit you’re applying for. Different lenders may use different scorecards.
  Lenders do not have sight of the score that appears on a consumer report.
• A poor or below-average score means you have some work to do to improve your credit risk rating. It could also indicate a problem with some information in your credit report which you need to investigate (and possibly challenge) before applying for that all-important loan.

Return to top

4. Does a good TransUnion score ensure I’ll get credit from a lending institution?

It will help, but it’s not a guarantee.

For example, if you’re applying for a loan to buy a home or car, or an increase in your credit limit, your credit score can serve as a guide to lenders. It’s one of many factors they’ll consider when making a decision. Also, different lenders use different factors to assess credit applications.

If you have a good (high) credit score, it means your credit report has information that shows you’re low risk and more likely to meet the repayment terms. You tend to be seen as a reliable borrower who will repay credit on time, which makes you more appealing to lenders. A good credit score means your application is more apt to be accepted, but it’s not a sure thing.

TransUnion is not responsible for the decisions lenders make based on your credit score.

Return to top

5. How do I get my credit report?

There are two credit reports available to you:

• Your annual FREE report which you can download from https://www.transunion.co.za/product/annual-free-credit-report
• Your credit report and credit score which are available through the TrueCredit service for R40 per month ( https://www.transunion.co.za/product/truecredit). By subscribing to this service, you can access your credit information at any time. Plus, you’ll get alerts when anything on your credit report changes. This helps you better monitor and understand your credit profile.

Return to top

6. Why are my personal details wrong on my credit report?

TransUnion gets the information used in your credit report from different institutions. It’s up to you to make sure your contact details are correct. If they aren’t, use te Dispute/Query option to ask us to update them: [see point 1 for this process]

Return to top