TransUnion reported a data breach in which threat actors accessed personal information of over 4.4 million customers.
TransUnion disclosed a data breach that impacted more than 4,461,511 customers.
The company is one of the three major credit reporting agencies in the United States (alongside Experian and Equifax). It collects and maintains credit information on consumers and businesses, including credit history, loans, payment records, and public records. Companies use TransUnion’s data to make decisions about lending, credit approvals, insurance, employment, and other financial services.
The incident involved a third-party application serving the company’s U.S. consumer support operations.
“We recently experienced a cyber incident involving a third-party application serving our U.S. consumer support operations. The unauthorized access includes some limited personal information belonging to you.” reads the data breach notification shared with Maine’s attorney general’s office. “
The notification did not specify which kind of personal data were compromised, the company stressed that the accessed data doesn’t include “credit information.
“The information was limited to specific data elements and did not include credit reports or core credit
information” continues the notification. “TransUnion takes the protection of personal information seriously, which is why we engage in robust, proactive security measures. We continue to enhance our security controls as appropriate to minimize the risk of any similar incident in the future.”
The reporting giant did not provide technical details about the attack.
TransUnion is providing impacted individuals with access to myTrueIdentity Online (TransUnion) Credit Monitoring services at no charge for 24 months.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, data breach)
