In a recent cybersecurity development, TransUnion, a prominent credit reporting agency, appears to be grappling with a potential data breach incident.
A hacker, operating under the alias “USDoD,” has allegedly compromised the personal information of 58,505 customers spanning North and South America, as well as Europe. The breached data reportedly encompasses sensitive details such as full names, credit scores, and loan balances.
TransUnion has refrained from officially acknowledging the breach and has declined to comment on the matter publicly. Details surrounding this incident remain relatively scarce.
USDoD, in a communication posted on the BreachForums online bulletin board—a platform recognized for its association with cybercriminal activities—asserted that the breach was a collaborative effort involving a ransom scenario.
It’s worth mentioning that BreachForums succeeded a previous forum bearing the same name, which ceased operations earlier this year following the arrest of its founder. “Ransomed” is a reference to a newly-emerged cyber extortion group, employing the tactic of threatening victims with exposure to data protection authorities unless a monetary payment is made, a strategy deemed more cost-effective than facing potential state fines.
USDoD, previously recognized as “NetSec” on the now-defunct RaidForums, gained notoriety in 2022 for infiltrating InfraGard, a cybersecurity forum with ties to the FBI. This particular breach resulted in USDoD publicly disclosing sensitive information about InfraGard members on a cybercrime forum.
On September 11, USDoD asserted that he had shared leaked information regarding approximately 3,200 Airbus vendors, including their full names, addresses, phone numbers, and email addresses.
In a somewhat unconventional interview with DataBreaches.net, conducted on Sunday, USDoD emphasized, “I Am Not Pro-Russia, and I Am NOT a Terrorist, Either!”
It is important to note that TransUnion has experienced a series of data breach incidents within the past 18 months, with a notable occurrence in 2022 involving the compromise of personal information for up to 5 million individuals from TransUnion’s South Africa division. Responsibility for that breach was claimed by a Brazilian hacking group known as “N4ughtySec.”