The Transunion data breach exposed data from up to 4.4 million customers.
Sensitive personal information belonging to 4.4 million customers, including names and social insurance numbers, was exposed in a data breach by the credit bureau Transunion, which is believed to be the latest in a series of attacks targeting the company’s Salesforce database.
A Transunion spokesman told CNET that the data breach occurred on July 28 and was identified and included within hours. Transunion is one of three credit bureaus – as well as Equifax and Experian, which compiles your financial activity into a credit report and then uses it to create a credit score. The Credit Bureau said it is notifying people who may be affected and share the actions the company is taking.
Don’t miss our unbiased technical content and lab-based reviews. Add CNET As the preferred Google source on Chrome.
Two separate state documents provide more details on the situation. Court Submit in Maine Indicates that Transunion confirms unauthorized access from third-party applications that store personal customer data. Although the notice to the consumer said there was no access to credit information,”Limited personal information“Exposed. But Another document from Texas It points out that the name of the individual, social security number and birthday was violated.
A Transunion spokesman further clarified that the violation involved third-party applications that support operations for U.S. consumers but did not include their core credit databases or credit reports. The bureau has hired independent evidence forensic review with third-party cybersecurity experts.
The vulnerability is Google Report In June, hackers used modified versions of Salesforce-related apps to steal massive amounts of data, penetrate other cloud systems and ransom companies. The same report named Shinyhunters, a group of cybercriminal hackers, and said it was related to the ransomware claims of employees of victim organizations.
according to BleepingComputerincluding Google, Farmers Insurance, Allianz Life, Workday, Pandora, Cisco, Chanel and Qantas. Salesforce said social engineering, not its platform, should be blamed on the attack.
SalesForce is in Augustadded that customers can reduce risk by enabling multi-factor authentication and CLASSLEY management of connected applications.
Consumer rights law firm Wolf Haldenstein Issue an alarm In violations, and those who receive notifications and find abnormal activity in their credit reports are encouraged.
If you are unsure whether your private data is leaked or have not received any communication from Transunion, you can check it with its fraud victim assistance department by calling 800-680-7289.
Even if you have not received any notice, you can always Freeze your credit for freeenable Two-factor authentication Or add one Security Key to your account.
