One of the three major U.S. consumer credit bureaus has been breached, leaving the data of more than 4.4 million people exposed to hackers. TransUnion, which maintains credit information on 200 million consumers in the United States and shares that information with 65,000 other organizations, has just disclosed a breach that occurred last month amid the larger Salesforce data theft.
What happened at TransUnion?
According to a data breach notice submitted to the Maine attorney general, a “cyber incident involving a third-party application” occurred at TransUnion on July 28, allowing threat actors unauthorized access to some U.S. consumers’ personal information. The letter being distributed to those affected states that credit reports and “core credit information” were not included in the breach, though the company hasn’t disclosed specifics as to what was compromised. The breach was discovered on July 30.
As BleepingComputer reports , the incident is linked to series of recent attacks carried out by the ShinyHunters hacking group on Salesforce, a major customer relationship management (CRM) platform. Other Salesforce-connected companies that have been impacted include Google, Workday, Allianz Life, and a handful of major retailers like Adidas and LVMH.
What TransUnion customers need to do now
TransUnion began notifying affected consumers on Aug. 26, so be on the lookout for a letter from the company. Anyone whose data were compromised can enroll in 24 months of free credit monitoring provided by My TrueIdentity—which belongs to TransUnion—including identity protection and resolution services and $1 million in identity theft insurance.
To sign up via the My TrueIdentity website , you’ll need the unique activation code from your letter, and you’ll need to provide an email address and verify some personal information. Note that the offer is valid for 90 days from the date of the notice.
If you haven’t already, you should also freeze your credit with each of the three major credit bureaus (Equifax, Experian, and TransUnion) to prevent bad actors from opening accounts in your name. If you believe your Social Security number or other information has been compromised, you can place a fraud alert at one bureau, which will share it with the other two. You should also take other measures to lock down your identity , including monitoring all of your accounts and reporting suspicious activity immediately.
If you need to speak to someone at TransUnion about the breach, you can call 800-516-4700 between 8 a.m. and 8 p.m. ET Monday to Friday.
