TransUnion, a prominent U.S. credit reporting agency, recently confirmed a significant data breach that compromised the personal information of approximately 4.4 million customers. The company reported on the incident in required disclosures to the attorney general’s offices of Texas and Maine. On July 28, that changed. It stemmed from what TransUnion said was unauthorized access to a third-party application that houses customer data for TransUnion’s U.S. consumer support services business.
This sensitive information includes customers’ names, dates of birth, and Social Security numbers. This breach is especially troubling because of the sensitive nature of the data. Even worse, it’s included in a broader wave of cyberattacks targeting dozens of other sectors including insurance, retail, and transportation.
TransUnion’s breach is a reminder of the weaknesses that can occur in third-party applications that manage consumer data. Industry experts have warned for years of the dangers that come with outsourcing data management to third parties. The unauthorized access is a tremendous breach of security practices that should safeguard private consumer data.
To address the breach, TransUnion has taken action to notify affected customers and prevent harm. The company pledged to offer resources to protect against identity theft and credit monitoring services for those affected. In addition, TransUnion is working with state attorneys general to support their ongoing investigations and efforts to keep TransUnion accountable and transparent in the wake of this breach.
The incident raises questions about the adequacy of cybersecurity measures in place across various sectors. With the ever-evolving landscape of cyber threats, organizations need to be proactive in further protecting themselves from attacks.