A hacker has posted a stolen database on the dark web, alleging it contains sensitive data stolen from credit agency TransUnion. However, the company says there is no evidence of any data compromise or exfiltration, and claims that whatever data is recovered must have been stolen from a third party.
Under the pseudonym “USDoD,” the hacker posted a 3GB database on BreachForums, a popular underground site where criminals exchange tools and information. This database, it is claimed, contained personally identifiable information (PII) on more than 58,000 people, at least some of whom appear to be TransUnion customers.
The data includes full names, TransUnion internal identifiers, passport information such as dates and places of birth, marital status, age, employer information, credit scores, and information about the loans.
Third party compromise
Following the leak and subsequent media coverage, TransUnion issued a short statement claiming to be aware of “certain limited online activity alleging that data obtained from multiple entities, including TransUnion, is being leaked.” This prompted the company to conduct a third-party cybersecurity and forensic investigation, which concluded that there is “no indication that TransUnion’s systems were breached or that data have been exfiltrated from our environment.
Additionally, TransUnion claims, the data, formatting and fields do not match the content or formats it uses, “indicating that this data comes from a third party.”
While this could very well be a supply chain attack, Infosecurity Magazine also points out that the date of the database compromise matches a ransomware incident that occurred last year in the business. South African companies of TransUnion.
At the time, the hackers demanded $15 million in exchange for the decryption key and not disclosing sensitive data on the dark web.
Separate reports claim that USDoD is working with a ransomware group known as Ransomed and that they are responsible for leaking data from 3,200 Airbus suppliers earlier this month.
Via Information Security Magazine