News

TransUnion credential stuffing attack exposes Canadian users credit info

Tuesday 8 October 2019 11:00 CET | News

An unauthorised person was able to gain access to a TransUnion Canada web portal, via a credential stuffing attack, and use it to pull consumer credit files.

TransUnion Canada began sending out data security incident notifications via postal mail to consumers whose information was exposed, BleepingComputer has learned. TransUnion operates a portal through which business customers can retrieve consumer credit files for permitted purposes.

These notifications state that an unauthorised user obtained CWB National Leasings access code and password to the portal, which enabled the negative actor to view some of TransUnions credit file information between approximately June 28 and July 11, 2019.

Once the unauthorised user gained access to the TransUnion portal, they could perform credit searches using a consumers name, address, DOB, or Social Insurance Number (SIN).

If the correct information was entered, a credit file would be shown that contains the consumers name, date of birth, current and past addresses, and information related to the credit, such as loan obligations, amounts owed, and payment history. Actual account numbers, though, would not be included in the report.

While this is not a data breach in the sense that the hacker were able to gain access to the TransUnions full database, it is still concerning as they would have been able to query for a consumers credit file.


Free Headlines in your E-mail

Every day we send out a free e-mail with the most important headlines of the last 24 hours.

Subscribe now

Keywords: TransUnion, Canada, stuffing attack, online security, fraud prevention, credit info
Categories:
Countries: World

Related

IDEX Biometrics, Chutian Dragon sign on-card enrollment patent license agreement

Published 09 Oct 2019 00:05 CET | World
IDEX Biometrics has entered a worldwide license agreement with Asia-based smart card manufacturer Chutian Dragon to use IDEX’s biometric enrollment intellectual property....