TransUnion’s data stolen in major data breach

But credit agency claims it wasn’t breached

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

A hacker has posted a stolen database on the dark web alleging it contains sensitive data stolen from credit agency TransUnion. However, the company says there is no evidence of any compromise or data exfiltration, and argues that whatever data was taken - must have been stolen from a third party.

Going by the alias “USDoD”, the hacker published a 3GB database on BreachForums, a popular underground site where criminals exchange tools and information. This database, it was claimed, carriedpersonally identifiable information(PII) on more than 58,000 people, at least some of whom appear to be TransUnion customers.

The data includes full names, internal TransUnion identifiers, passport information such as birth dates and places of birth, marital status, age, employer information, credit scores and loan information.

Third party compromised

Following the leak, and subsequent media coverage, TransUnion published a short statement claiming to be aware of “some limited online activity alleging that data obtained from multiple entities, including TransUnion, will be released”. This prompted the firm to run an investigation with third-party cybersecurity and forensic expects, which concluded that there is “no indication that TransUnion systems have been breached or that data has been exfiltrated from our environment.”

Furthermore, TransUnion says, the data, formatting, and fields, don’t match the content or formats it uses, “indicating that any such data came from a third party.”

While this might very well be a supply chain attack, Infosecurity Magazine also reminds that the date of the database compromise aligns with a ransomware incident at TransUnion’s South African business last year.

Back then, the hackers asked for $15 million in exchange for the decryption key, and not leaking sensitive data on the dark web.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Separate reports claim USDoD works with a ransomware group known as Ransomed, and that they’re responsible for the data leak from 3,200 Airbus vendors earlier this month.

ViaInfosecurity Magazine

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

This new malware utilizes a rare programming language to evade traditional detection methods

A new form of macOS malware is being used by devious North Korean hackers

I’ve been covering Apple Watch deals for years – This is the one model most people should buy on Black Friday