American credit reporting giant TransUnion has become the victim of a huge data breach resulting in the exposure of personal data belonging to 4.4 million US-based people.
According to documents filed with Maine’s attorney general, the breach was discovered earlier this year on July 30, two days after the hacking incident occurred.
TransUnion, which collects and aggregates information on over a billion consumers spanning over thirty countries, is one of the ‘big three’ American credit reporting agencies, alongside Experian and Equifax.
While TransUnion has stated that the compromised data did not include credit card details, threat actors reportedly did manage to access Social Security Numbers belonging to Americans.
According to Bleeping Computer, the data was stolen from TransUnion’s Salesforce account, with the attack said to be part of a larger operation linked to the hacking group ShinyHunters, which also recently targeted a Google database managed through Salesforce’s cloud platform.
Although that breach saw the unauthorized access of business files, including company names and customer contact details, Google said that it does not believe any passwords were stolen.
Other victims impacted by this year’s wave of known Salesforce-related data theft attacks include high-profile companies Allianz Life, Farmers Insurance, Quantas, Cisco and Chanel.
ShinyHunters has claimed that the stolen TransUnion data holds in excess of 13 million records, 4.4 million of which are related to US-based people.
The extortion group shared a stolen data sample said to contain TransUnion customers’ sensitive information, such as names, phone numbers, birthdates, billing addresses, email addresses, and unredacted social security numbers.
A sample of the TransUnion data breach notifications (sent to impacted clients) revealed that the credit reporting agency had “experienced a cyber incident involving a third-party application” serving its US consumer support operations.
“The unauthorized access includes some limited personal information belonging to you,” the data breach notice continued.
While exact details weren’t given as to what was stolen, TransUnion did specify that no credit reports or core credit information had been compromised during the cyber attack.
The agency also offered two years of free identity theft and credit monitoring protection to all impacted clients.
Cyber security researchers continue to urge those affected by the massive breach to immediately change their passwords, freeze their credit, and activate bank account fraud alerts.Be sure to shield your personal and financial data against the latest cyber threats with our Award-Winning TotalAV antivirus, equipped with 24/7 real-time scanning, plus a host of other essential industry-leading, cutting-edge tools.
English 
Español 
Deutsch 
Français 
Italiano 
Nederlands 
Português 
Dansk 
Svenska 
Čeština 
Polski 
Türkçe 
Norsk bokmål