[ad_1]
Credit scoring and monitoring biz TransUnion says that it recently suffered a breach affecting nearly 4.5 million individuals.
Readers may notice the irony of a credit monitoring company, whose services are so often given “free of charge” to victims of data breaches in order to “secure” their identity and credit score, being popped itself.
According to a filing made by TransUnion’s in-house counsel to the Office of the Maine Attorney General, a recent attack on a third-party application compromised the personal data of 4,461,511 people.
In the template letter due to be sent this week, TransUnion did not specify the types of data accessed, but said that personal information was exposed to attackers who targeted the third-party app used by consumer support staff.
This usually entails basic information such as names, home and email addresses, and phone numbers. In some cases, it can also include passport, driver’s license, and national identity card details.
The company confirmed that neither credit reports nor core credit data was affected, and that the exposed information “was limited to specific data elements.”
“TransUnion takes the protection of personal information seriously, which is why we engage in robust, proactive security measures,” its letter to consumers read. “We continue to enhance our security controls as appropriate to minimize the risk of any similar incident in the future.”
According to the Maine filing, the attack occurred on July 28 and TransUnion discovered it two days later.
The Register asked TransUnion which third-party application led to the breach, whether it was connected to the recent breaches at Salesforce customers, what types of data were compromised, and whether the data was stolen.
The company told us: “TransUnion recently experienced a cyber incident that affected a third-party application serving our US consumer support operations. Upon discovery, we quickly contained the issue, which did not involve our core credit database or include credit reports.
“The incident involved unauthorized access to limited personal information for a very small percentage of US consumers. We are working with law enforcement and have engaged third party cybersecurity experts for an independent forensics review.”
It’s not just Salesforce customers lining up to confess to third-party breaches. Verizon’s most recent Data Breach Investigations Report (DBIR) noted that between 2023 and 2024, reports of data snafus involving third parties had doubled as attackers increasingly target supply chains.
And here’s the kicker. As ever with data breach disclosures, the victim company almost always offers affected individuals credit monitoring services and fraud support. It’s no different in this TransUnion case, which is providing its own cleanup services to breach victims.
TransUnion will supply credit monitoring for 24 months, via myTrueIdentity Online, and fraud assistance will be coming from Cyberscout, a TransUnion-owned company.
The Register asked TransUnion for additional information, and we’ll update the story if it responds. ®
[ad_2]
Source link
Click Here For The Original Source.
