Recently, a hacker operating under the pseudonym “USDoD” posted a 3GB database on the dark web, alleging that it contained sensitive information stolen from the credit agency TransUnion. The database, shared on the underground site BreachForums, purportedly contained personally identifiable information (PII) for over 58,000 individuals, including some TransUnion customers.
The compromised data encompassed full names, internal TransUnion identifiers, passport details such as birthdates and places of birth, marital status, age, employer information, credit scores, and loan details.
In response to the data leak and ensuing media coverage, TransUnion issued a brief statement. The company acknowledged “some limited online activity alleging that data obtained from multiple entities, including TransUnion, will be released.” Subsequently, TransUnion initiated an investigation in collaboration with third-party cybersecurity and forensic experts.
The investigation yielded a crucial outcome: there is “no indication that TransUnion systems have been breached or that data has been exfiltrated from our environment,” stated TransUnion.
Furthermore, TransUnion pointed out that the data’s formatting and fields do not align with its content or formats, strongly suggesting that this data originated from a third party.
While the possibility of a supply chain attack cannot be ruled out, it’s important to note that the timing of this database compromise coincides with a ransomware incident involving TransUnion’s South African business in the previous year. During that incident, the hackers demanded a $15 million ransom in exchange for the decryption key and refraining from leaking sensitive data on the dark web.
There are also separate reports linking USDoD to a ransomware group known as Ransomed, which was allegedly responsible for the recent data leak affecting 3,200 Airbus vendors earlier this month. The situation continues to evolve, and investigations are ongoing to ascertain the origin and legitimacy of the data breach.
