TransUnion has announced that over 4 million individuals’ data was recently exposed in a breach involving an unidentified third party.
In a letter posted on the website of Maine’s attorney general, the company mentioned it experienced a cyber incident involving a third-party application serving its US customer support operations. TransUnion contained the issue fast, mentioning that the breach did not involve its core credit database or credit reports, but provided no evidence for this claim. The data breach notice did not specify what specific types of personal data were stolen.
More about the breach
Maine legally requires disclosures for some types of breaches affecting its residents. The name of the third-party player was not disclosed, yet the US corporations have seen a wave of compromises as fraudsters trick employees into opening up their respective employers’ Salesforce database.
In a separate data breach disclosure filed with Texas’ attorney general’s office, TransUnion confirmed that the stolen data included customers’ names, dates of birth, and Social Security numbers.
Several other companies, such as Google, Allianz Life, Cisco, and Workday, reported data breaches this year, having customer data stored in their Salesforce-hosted cloud databases. Following the hacks, Google accused an extortion group known as ShinyHunters of causing the breaches.
Some sources declare that it is not clear whether the hackers made any demands from the credit union or who is behind the breach. The company is a key player in the US market, storing the financial data of over 260 million Americans. It is the most recent corporate firm to have been hacked, following a wave of cybercrimes targeting the insurance, retail, and transportation industries.
