Consumer credit reporting giant TransUnion has been struck by a massive data breach that exposed the personal information of over 4.4 million people in the US.
TransUnion is one of the three major credit reporting agencies in the country, along with Equifax and Experian.
The breach to took place on July 28 and was discovered two days later, according to documents filed with Maine‘s attorney general.
Although TransUnion said the data did not include anyone’s credit information, the hackers reportedly did gain access to Social Security numbers from Americans across the country.
According to BleepingComputer, the breach was part of a larger attack that recently targeted a Google database managed through Salesforce’s cloud platform.
That attack, by a hacking group known as ShinyHunters, stole troves of business files, containing company names and customer contact details, but Google did not believe any passwords were taken during the incident.
The cybersecurity news site added that the attacks on Salesforce have also impacted well-known companies such as Farmers Insurance, Allianz Life, Workday, Pandora, Cisco, Chanel, and Qantas.
After similar breaches in the past, cybersecurity researchers have urged those affected to change their passwords, freeze their credit, and activate fraud alerts on all their bank accounts.
Over 4.4 million Americans had their personal data stolen in a breach targeting credit reporting company TransUnion
TransUnion is one of the three major credit reporting agencies in the US, along with Equifax and Experian, and they also operate in 30 other countries
TransUnion did not go into details about what limited information was exposed but noted that no ‘core credit information’ was stolen in the hack.
‘We recently experienced a cyber incident involving a third-party application serving our U.S. consumer support operations. The unauthorized access includes some limited personal information belonging to you,’ TransUnion wrote in a letter to its customers.
The credit bureau has collected and maintains up-to-date records on more than 200 million people in the US.
TransUnion’s credit information is used to assess a person’s creditworthiness, helping lenders, employers, and others make informed decisions about loans, employment, or other financial transactions.
In a statement to the Daily Mail, a spokesperson said: ‘The incident involved unauthorized access to limited personal information for a very small percentage of US consumers.’
‘We are working with law enforcement and have engaged third party cyber security experts for an independent forensics review,’ the statement continued.
TransUnion noted they are contacting anyone who was affected and has offered those impacted 24 months of free credit monitoring and identity theft protection services.
According to the filing with the attorney general’s office in Maine, 4,461,511 people were affected by the data breach.
Cybersecurity researchers revealed that a hacking group known as ShinyHunters has been responsible for a wave of attacks targeting Salesforce databases
However, only 16,828 were from the state of Maine, meaning that millions of Americans throughout the country may have had their Social Security numbers stolen.
Along with filing for identity theft protection, freezing your credit allows consumers to block anyone from using their personal information to open up new financial accounts in their name.
Fraudsters typically need key details about you to open new accounts, such as your full name, Social Security number, date of birth, address, and sometimes additional details like a driver’s license number or existing account information.
However, if hackers gain access to this data, they can impersonate you and apply for credit cards, loans, or other financial accounts without your knowledge.
In an exclusive interview with the Daily Mail, cybersecurity expert James Knight revealed how these ongoing attacks have opened up millions, and potentially billions, of people to devious phishing scams online and over the phone.
After the Salesforce database connected to Google was breached, Knight explained how scammers were using the information they obtained to track down Gmail users, impersonate Google employees, and trick them into revealing their passwords.
‘If you do get a text message or a voice message from Google, don’t trust it’s from Google. Nine times out of ten, it’s likely not,’ he warned.
The pen tester for DigitalWarfare.com added that hackers were also attempting to force their way into people’s accounts by trying easy-to-guess passwords, like ‘password,’ on any email accounts they were able to find.
This article was originally published by a www.dailymail.co.uk . Read the Original article here. .