Article Details
Scrape Timestamp (UTC): 2023-09-21 11:13:12.540
Original Article Text
Click to Toggle View
TransUnion denies it was hacked, links leaked data to 3rd party. Credit reporting firm TransUnion has denied claims of a security breach after a threat actor known as USDoD leaked data allegedly stolen from the company's network. The Chicago-based company's over 10,000 employees provide their services to millions of consumers and more than 65,000 businesses from 30 countries. "Immediately upon discovering these assertions, we partnered with outside cybersecurity and forensic experts to launch a thorough investigation," the company said. "At this time, we and our internal and external experts have found no indication that TransUnion systems have been breached or that data has been exfiltrated from our environment." The investigation into the claims found that the information leaked by USDoD was likely obtained from another organization's systems, given that the data and its formatting are different than TransUnion's. "Through our investigation, we have found that multiple aspects of the messages – including the data, formatting, and fields – do not match the data content or formats at TransUnion, indicating that any such data came from a third party," TransUnion said. According to the USDoD's listing published on a hacking forum over the weekend, the database allegedly stolen from TransUnion's systems includes a wide range of sensitive information of roughly 59,000 people worldwide. USDoD is a former member of the notorious BreachForums (aka Breached) hacking forum that was seized by U.S. law enforcement in June. The threat actor was also linked to the attempted sale of InfraGard's user database on Breached in December 2023 for $50,000, stolen after obtaining InfraGard membership through social engineering. "USDoD said the InfraGard user data was made easily available via an Application Programming Interface (API) that is built into several key components of the website that help InfraGard members connect and communicate with each other," Brian Krebs reported at the time. "USDoD said after their InfraGard membership was approved, they asked a friend to code a script in Python to query that API and retrieve all available InfraGard user data." The data contained the sensitive information of over 80,000 members of InfraGard, an FBI program designed to share intelligence between state and local law enforcement agencies and private sector organizations.
Daily Brief Summary
TransUnion, a credit reporting firm, repudiates claims of a data breach following the leak of data by a threat actor named USDoD. TransUnion's services are procured by millions of consumers and more than 65,000 businesses from 30 countries.
Upon learning of the alleged breach, TransUnion engaged with external cybersecurity and forensic experts to carry out a thorough investigation.
The experts found no evidence of a breach in TransUnion's systems, neither did they find any data exfiltrated from their environment.
It was determined that the leaked data was likely obtained from another organization's systems because the data and formatting are inconsistent with TransUnion's data.
USDoD had previously made claims of having sensitive data of about 59,000 people worldwide from TransUnion's systems.
The threat actor, USDoD, who was previously a member of the infamous BreachForums, was also linked with the attempted sale of InfraGard's user database in December 2023 and was seized by US law enforcement in June.
InfraGard is an FBI initiative designed for the sharing of intelligence between state, local law enforcement agencies, and private sector organizations.