TransUnion reckons big dump of stolen customer data came from someone else

Prolific info-thief strikes again


Updated: Days after a miscreant boasted of leaking a 3GB-plus database from TransUnion containing financial information on 58,505 people, the credit-checking agency has claimed the info was actually swiped from a third party.

On Sunday, a thief using the handle USDoD shared via a cyber-crime forum what was claimed to be a TransUnion database containing sensitive information belonging to people in North and South America, Europe, and other parts of the world. This database is said to include people's names, internal TransUnion identifiers, passport information, ages, dates and places of birth, employers, summary of financial transactions, credit scores, and loan details, among other sensitive material.

According to VX-Underground, which flagged up the dump on Twitter over the weekend, a copy of this database appeared to have been snatched on March 2 last year.

TransUnion did admit in 2022 it suffered a security breach after criminals broke into a South African server and stole data relating to five million customers and 600,000 businesses.

In a brief statement issued on Tuesday, the credit-rating giant addressed USDoD's claims.

"TransUnion is aware of some limited online activity alleging that data obtained from multiple entities, including TransUnion, will be released," the biz said in its note Tuesday.

In what has become boilerplate language in responding to security snafus, the credit-report biz said it "immediately" took steps to respond to the claims, including partnering with outside cybersecurity and forensic experts and launching an investigation.

"At this time, we and our internal and external experts have found no indication that TransUnion systems have been breached or that data has been exfiltrated from our environment," the statement continued.

And then it points the blame elsewhere.

"Through our investigation, we have found that multiple aspects of the messages — including the data, formatting, and fields — do not match the data content or formats at TransUnion, indicating that any such data came from a third party."

TransUnion did not respond to The Register's inquiries, including whether it knows who the third party may be, how USDoD snatched the data in the first place, and if this leak is related to the 2022 security failure.

"Data protection is top priority at TransUnion. We take seriously any assertions regarding our information security and will continue to closely monitor this situation," the company's statement concluded.

USDoD is the same fiend named in court documents [PDF] related to the arrest of Conor Brian Fitzpatrick, aka pompompurin, who ran BreachForums before the Feds shut down an incarnation of the message board earlier this year. 

According to the court documents, USDoD in 2022 broke into the FBI's InfraGard, and then leaked contact details belonging to almost 80,000 of the information-sharing network's members.

More recently, USDoD reportedly raided Airbus and posted personal information belonging to the aerospace giant's 3,200 vendors on a cyber-crime forum. ®

Updated to add

TransUnion has confirmed the incident was not related to the March 2022 South African incident but is a new issue.
