An unauthorized person was able to gain access to a TransUnion Canada web portal and use it to pull consumer credit files using a credential stuffing attack.
Once the unauthorized user gained access to the TransUnion portal, they could perform credit searches using a consumer’s name, address, DOB, or Social Insurance Number (“SIN).
If the correct information was entered, a credit file would be shown that contains the consumer’s name, date of birth, current and past addresses, and information related to the credit, such as loan obligations, amounts owed, and payment history. Actual account numbers, though, would not be included in the report.
An unauthorized person was able to gain access to a TransUnion Canada web portal and use it to pull consumer credit files: https://t.co/OarnF15sGx
— Adam Levin (@Adam_K_Levin) October 8, 2019
About the Author
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.
