TransUnion denies it was hacked, links leaked data to 3rd party

Credit reporting firm TransUnion has denied claims of a security breach after a threat actor known as USDoD leaked data allegedly stolen from the company’s network.

The Chicago-based company’s over 10,000 employees provide their services to millions of consumers and more than 65,000 businesses from 30 countries.

“Immediately upon discovering these assertions, we partnered with outside cybersecurity and forensic experts to launch a thorough investigation,” the company said.

“At this time, we and our internal and external experts have found no indication that TransUnion systems have been breached or that data has been exfiltrated from our environment.”

The investigation into the claims found that the information leaked by USDoD was likely obtained from another organization’s systems, given that the data and its formatting differ from TransUnion’s.

“Through our investigation, we have found that multiple aspects of the messages – including the data, formatting, and fields – do not match the data content or formats at TransUnion, indicating that any such data came from a third party,” TransUnion said.

According to the USDoD’s listing published on a hacking forum over the weekend, the database allegedly stolen from TransUnion’s systems includes a wide range of sensitive information of roughly 59,000 people worldwide.

USDoD leak (BleepingComputer)

USDoD is a former member of the notorious BreachForums (aka Breached) hacking forum that was seized by U.S. law enforcement in June.

The threat actor was also linked to the attempted sale of InfraGard’s user database on Breached in December 2023 for $50,000, stolen after obtaining InfraGard membership through social engineering.

“USDoD said the InfraGard user data was made easily available via an Application Programming Interface (API) that is built into several key components of the website that help InfraGard members connect and communicate with each other,” Brian Krebs reported at the time.

“USDoD said after their InfraGard membership was approved, they asked a friend to code a script in Python to query that API and retrieve all available InfraGard user data.”

The data contained the sensitive information of over 80,000 members of InfraGard, an FBI program designed to share intelligence between state and local law enforcement agencies and private sector organizations.

