TransUnion Canada began sending out data security incident notifications via postal mail to consumers whose information was exposed, BleepingComputer has learned. TransUnion operates a portal through which business customers can retrieve consumer credit files for permitted purposes.
These notifications state that an unauthorised user obtained CWB National Leasings access code and password to the portal, which enabled the negative actor to view some of TransUnions credit file information between approximately June 28 and July 11, 2019.
Once the unauthorised user gained access to the TransUnion portal, they could perform credit searches using a consumers name, address, DOB, or Social Insurance Number (SIN).
If the correct information was entered, a credit file would be shown that contains the consumers name, date of birth, current and past addresses, and information related to the credit, such as loan obligations, amounts owed, and payment history. Actual account numbers, though, would not be included in the report.
While this is not a data breach in the sense that the hacker were able to gain access to the TransUnions full database, it is still concerning as they would have been able to query for a consumers credit file.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now