A hacker has posted a stolen database on the dark web alleging it contains sensitive data stolen from credit agency TransUnion. However, the company says there is no evidence of any compromise or data exfiltration, and argues that whatever data was taken - must have been stolen from a third party.
Going by the alias “USDoD”, the hacker published a 3GB database on BreachForums, a popular underground site where criminals exchange tools and information. This database, it was claimed, carried personally identifiable information (PII) on more than 58,000 people, at least some of whom appear to be TransUnion customers.
The data includes full names, internal TransUnion identifiers, passport information such as birth dates and places of birth, marital status, age, employer information, credit scores and loan information.
Third party compromised
Following the leak, and subsequent media coverage, TransUnion published a short statement claiming to be aware of “some limited online activity alleging that data obtained from multiple entities, including TransUnion, will be released”. This prompted the firm to run an investigation with third-party cybersecurity and forensic expects, which concluded that there is “no indication that TransUnion systems have been breached or that data has been exfiltrated from our environment.”
Furthermore, TransUnion says, the data, formatting, and fields, don’t match the content or formats it uses, “indicating that any such data came from a third party.”
While this might very well be a supply chain attack, Infosecurity Magazine also reminds that the date of the database compromise aligns with a ransomware incident at TransUnion’s South African business last year.
Back then, the hackers asked for $15 million in exchange for the decryption key, and not leaking sensitive data on the dark web.
Separate reports claim USDoD works with a ransomware group known as Ransomed, and that they’re responsible for the data leak from 3,200 Airbus vendors earlier this month.
More from TechRadar Pro
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.