Credit score reporting agency TransUnion has denied claims of a safety breach after a menace actor often known as USDoD leaked knowledge allegedly stolen from the corporate’s community.
The Chicago-based firm’s over 10,000 workers present their providers to tens of millions of shoppers and greater than 65,000 companies from 30 international locations.
“Instantly upon discovering these assertions, we partnered with exterior cybersecurity and forensic specialists to launch a radical investigation,” the corporate stated.
“Presently, we and our inside and exterior specialists have discovered no indication that TransUnion programs have been breached or that knowledge has been exfiltrated from our surroundings.”
The investigation into the claims discovered that the knowledge leaked by USDoD was seemingly obtained from one other group’s programs, provided that the info and its formatting are completely different than TransUnion’s.
“By our investigation, we have now discovered that a number of points of the messages – together with the info, formatting, and fields – don’t match the info content material or codecs at TransUnion, indicating that any such knowledge got here from a 3rd celebration,” TransUnion stated.
In response to the USDoD’s itemizing revealed on a hacking discussion board over the weekend, the database allegedly stolen from TransUnion’s programs consists of a variety of delicate info of roughly 59,000 individuals worldwide.
USDoD is a former member of the infamous BreachForums (aka Breached) hacking discussion board that was seized by U.S. legislation enforcement in June.
The menace actor was additionally linked to the tried sale of InfraGard’s consumer database on Breached in December 2023 for $50,000, stolen after acquiring InfraGard membership by way of social engineering.
“USDoD stated the InfraGard consumer knowledge was made simply accessible by way of an Software Programming Interface (API) that’s constructed into a number of key parts of the web site that assist InfraGard members join and talk with one another,” Brian Krebs reported on the time.
“USDoD stated after their InfraGard membership was authorised, they requested a buddy to code a script in Python to question that API and retrieve all accessible InfraGard consumer knowledge.”
The info contained the delicate info of over 80,000 members of InfraGard, an FBI program designed to share intelligence between state and native legislation enforcement companies and personal sector organizations.
