TransUnion denies data breach amid hacker’s claims

Credit reporting firm TransUnion (NYSE:) has denied allegations of a data breach this week, following claims from a hacker known as ‘USDoD’ that they had stolen and published 3Gb of information from the company’s systems. The denial came two days after the alleged database, containing personal details of about 58,000 individuals, was published on a cybercrime forum.

TransUnion stated on its website that it had launched an immediate investigation into the matter upon learning of the hacker’s claims. However, the firm found no evidence to support the claim that its systems had been breached. “At this time, we and our internal and external experts have found no indication that TransUnion systems have been breached or that data has been exfiltrated from our environment,” the company said.

The supposed leaked information included individuals’ names, sex, date and place of birth, age, employer, passport data, financial transaction details, and credit scores. The threat intelligence platform Vx-underground suggested that the database appears to have been compiled in March 2022 and includes data on individuals in both Americas and Europe.

In addition to denying any breach, TransUnion also claimed that its analysis of the leaked database indicated it could originate from a third party. “Through our investigation, we have found that multiple aspects of the messages – including the data, formatting, and fields – do not match the data content or formats at TransUnion, indicating that any such data came from a third party,” the firm added.

USDoD is a former member of the BreachForums cybercrime platform and is recognized for hacking the FBI’s InfraGard database. More recently, he targeted airplane maker Airbus and claimed to have also breached NATO systems.

TransUnion has previously experienced several data breach incidents over the past 18 months. In one instance in 2022, hackers reportedly obtained personal information of up to 5 million individuals from TransUnion’s South Africa division, with a Brazilian hacking group named N4ughtySec claiming responsibility. However, in this most recent case, TransUnion maintains that there is no evidence of any data breach from its systems.

This article was generated with the support of AI and reviewed by an editor. For more information see our T&C.