Furthermore, TransUnion pointed out that the data’s formatting and fields do not align with its content or formats, strongly suggesting that this data originated from a third party.
While the possibility of a supply chain attack cannot be ruled out, it’s important to note that the timing of this database compromise coincides with a ransomware incident involving TransUnion’s South African business in the previous year. During that incident, the hackers demanded a $15 million ransom in exchange for the decryption key and refraining from leaking sensitive data on the dark web.