Credit reporting firm TransUnion has refuted reports of a security breach after a threat actor known as USDoD purportedly leaked information stolen from the company's network.
Millions of customers and more than 65,000 businesses from 30 countries are served by the over 10,000 employees of the Chicago-based firm.
"Immediately upon discovering these assertions, we partnered with outside cybersecurity and forensic experts to launch a thorough investigation," the company stated. "At this time, we and our internal and external experts have found no indication that TransUnion systems have been breached or that data has been exfiltrated from our environment."
Given that the data and its formatting are different from TransUnion, the inquiry into the claims discovered that the information stolen by USDoD was probably acquired from another organisation's systems.
"Through our investigation, we have found that multiple aspects of the messages – including the data, formatting, and fields – do not match the data content or formats at TransUnion, indicating that any such data came from a third party," TransUnion added.
The database allegedly stolen from TransUnion's devices contains a wide range of sensitive information on close to 59,000 individuals worldwide, according to the USDoD listing posted on a hacker site over the weekend.
USDoD was a member of the infamous BreachForums (aka Breached) hacking site, which was confiscated by US law authorities in June.
The threat actor was also connected to the failed attempt to sell $50,000 worth of InfraGard's user database on Breached in December 2023 after gaining access to InfraGard through social engineering.
At the time, Brian Krebs wrote that the Department of Defence (USDoD) claimed that the InfraGard user data was made freely accessible via an Application Programming Interface (API) that is incorporated into numerous essential elements of the website that facilitate communication and connection amongst InfraGard users.
After their InfraGard membership was granted, according to USDoD, they directed a friend to write a Python script to query that API and retrieve every piece of InfraGard user data that was accessible.
The data included the private information of more than 80,000 members in InfraGard, an FBI initiative to facilitate intelligence sharing between federal, state, and local law enforcement agencies as well as businesses.