The Information Highway

The Information Highway

Font size: +
2 minutes reading time (374 words)

TransUnion denies it was hacked, links leaked data to 3rd party

Credit reporting firm TransUnion has denied claims of a security breach after a threat actor known as USDoD leaked data allegedly stolen from the company's network. 

The Chicago-based company's over 10,000 employees provide their services to millions of consumers and more than 65,000 businesses from 30 countries.

"Immediately upon discovering these assertions, we partnered with outside cybersecurity and forensic experts to launch a thorough investigation," the company said.

"At this time, we and our internal and external experts have found no indication that TransUnion systems have been breached or that data has been exfiltrated from our environment."

The investigation into the claims found that the information leaked by USDoD was likely obtained from another organization's systems, given that the data and its formatting are different than TransUnion's.

"Through our investigation, we have found that multiple aspects of the messages – including the data, formatting, and fields – do not match the data content or formats at TransUnion, indicating that any such data came from a third party," TransUnion said.

According to the USDoD's listing published on a hacking forum over the weekend, the database allegedly stolen from TransUnion's systems includes a wide range of sensitive information of roughly 59,000 people worldwide. 

USDoD leak (BleepingComputer)

USDoD is a former member of the notorious BreachForums (aka Breached) hacking forum that was seized by U.S. law enforcement in June.

The threat actor was also linked to the attempted sale of InfraGard's user database on Breached in December 2023 for $50,000, stolen after obtaining InfraGard membership through social engineering.

"USDoD said the InfraGard user data was made easily available via an Application Programming Interface (API) that is built into several key components of the website that help InfraGard members connect and communicate with each other," Brian Krebs reported at the time.

"USDoD said after their InfraGard membership was approved, they asked a friend to code a script in Python to query that API and retrieve all available InfraGard user data." 

The data contained the sensitive information of over 80,000 members of InfraGard, an FBI program designed to share intelligence between state and local law enforcement agencies and private sector organizations.

Microsoft Copilot rolls out with Windows 11 22H2 u...
iPhone 15 Pro delays — here’s the latest delivery ...

Related Posts

 

Comments

No comments made yet. Be the first to submit a comment
Monday, 23 December 2024

Captcha Image

Top Breaches Of 2023

Customers Affected In T-Mobile Breach
Accounts Affected In MOVEit Breach
Customers Affected In MCNA Insurance Data Breach
Individuals Affected In PharMerica Data Breach
Users Affected In ChatGPT Major Data Breach
*Founder Shield End of Year 2023