Hackers are demanding a $15 million payment for the return of 54 million customer records stolen form a server operated by credit bureau TransUnion in South Africa.

TransUnion claims the cybercriminals gained access to the sensitive data by using the compromised credentials of one of the company's clients. The hacking group demanding the ransom say the data downloaded was protected with a password of 'password'.

TransUnion says that the exposed data "may include personal information, such as telephone numbers, email addresses, identity numbers, physical addresses, and some credit scores".

The hacking group claiming responsibility, N4aughtysecTU, is demanding $15 million worth of cryptocurrency for return of the stolen files.

As a precaution, the credit bureau took some of its infrastructure offline temporarily and has engaged expert outside help to investigate the incident.

With true chutzpah, TransUnion says customers affected by the incident will be offered a free annual subscription to the TrueIdentity identity protection system run by...TransUnion.