Consumer credit reporting company TransUnion has experienced a significant data breach, leading to the exposure of personal details for more than 4.4 million individuals in the United States.
TransUnion is one of the three major credit reporting agencies in the country, along with Equifax and Experian.
The breach to took place on July 28 and was discovered two days later, according to documents filed with Maine’s attorney general.
TransUnion clarified that while no credit information was compromised, the attackers did manage to obtain Social Security numbers from Americans nationwide.
BleepingComputer reports that this breach was part of a larger cyberattack targeting a Google database handled via Salesforce’s cloud services.
This cyberattack, attributed to a group called ShinyHunters, involved the theft of numerous business files, including company names and customer contacts. Google stated that no passwords were acquired in the breach.
The cybersecurity news outlet noted that the Salesforce attacks have also affected major organizations like Farmers Insurance, Allianz Life, Workday, Pandora, Cisco, Chanel, and Qantas.
Past incidents have led cybersecurity experts to advise affected individuals to update their passwords, implement credit freezes, and enable fraud alerts on their banking accounts.
Over 4.4 million Americans had their personal data stolen in a breach targeting credit reporting company TransUnion
TransUnion is one of the three major credit reporting agencies in the US, along with Equifax and Experian, and they also operate in 30 other countries
TransUnion did not go into details about what limited information was exposed but noted that no ‘core credit information’ was stolen in the hack.
‘We recently experienced a cyber incident involving a third-party application serving our U.S. consumer support operations. The unauthorized access includes some limited personal information belonging to you,’ TransUnion wrote in a letter to its customers.
The credit bureau has collected and maintains up-to-date records on more than 200 million people in the US.
TransUnion’s credit information is used to assess a person’s creditworthiness, helping lenders, employers, and others make informed decisions about loans, employment, or other financial transactions.
The Daily Mail has reached out to TransUnion for a comment on the situation and is awaiting their response.
TransUnion has offered those impacted 24 months of free credit monitoring and identity theft protection services.
According to the filing with the Attorney General’s office in Maine, 4,461,511 people were affected by the data breach.
However, only 16,828 were from the state of Maine, meaning that millions of Americans throughout the country may have had their Social Security numbers stolen.
Cybersecurity researchers revealed that a hacking group known as ShinyHunters has been responsible for a wave of attacks targeting Salesforce databases
Along with filing for identity theft protection, freezing your credit allows consumers to block anyone from using their personal information to open up new financial accounts in their name.
Fraudsters typically need key details about you to open new accounts, such as your full name, Social Security number, date of birth, address, and sometimes additional details like a driver’s license number or existing account information.
However, if hackers gain access to this data, they can impersonate you and apply for credit cards, loans, or other financial accounts without your knowledge.
In an exclusive interview with the Daily Mail, cybersecurity expert James Knight revealed how these ongoing attacks have opened up millions, and potentially billions, of people to devious phishing scams online and over the phone.
After the Salesforce database connected to Google was breached, Knight explained how scammers were using the information they obtained to track down Gmail users, impersonate Google employees, and trick them into revealing their passwords.
‘If you do get a text message or a voice message from Google, don’t trust it’s from Google. Nine times out of ten, it’s likely not,’ he warned.
The pen tester for DigitalWarfare.com added that hackers were also attempting to force their way into people’s accounts by trying easy-to-guess passwords, like ‘password,’ on any email accounts they were able to find.
