Month: September 2023

US consumer credit reporting agency TransUnion may have been the subject of a hacking incident leading to a data breach. Threat actor who goes by the moniker “USDoD” announced the leak of a database containing sensitive Personal Identifiable Information (PII) of 58,505 customers across North and South America and Europe.

According to Cybercriminal underworld tracker vx-underground who reported the leak, the archive contains data that dates back to March 2, 2022, which could be the data of the data breach.

vx-underground stated that leaked data includes first name, last name, Internal TransUnion identifiers, sex, passport information, place of birth, date of birth, civil status, age, current employer, information on their employer, a summary of financial transactions, credit score, loans in their name, remaining balances on the loans, where they got the loan from, and when TransUnion first began monitoring their information.

In response, TransUnion investigated the claim, and made a statement that its systems weren’t breached, and that the data may have come from a third party. “We have found that multiple aspects of the messages – including the data, formatting, and fields – do not match the data content or formats at TransUnion”, said the statement.

Read more about it here.

The personal details of over 20,000 UK police officers have been stolen after a suspected ransomware attack on a third-party supplier.

Greater Manchester Police (“GMP”), the fourth largest police department in the UK, confirmed on September 14, 2023 that its supplier, identity card maker Digital ID, holds “some information on those employed by GMP.”

“We understand how concerning this is for our employees so, as we work to understand any impact on GMP, we have contacted the Information Commissioners Office and are doing everything we can to ensure employees are kept informed, their questions are answered, and they feel supported.”, says the announcement.

GMP does not believe the data on the hacked systems contains financial information belonging to the police department’s employees.

Read more about it here.

Cybersecurity firm Akamai successfully detected and prevented a massive distributed denial-of-service (DDoS) attack targeting an unnamed, leading American financial institution on the Prolexic platform. The attack occurred on September 5, 2023 at approximately 19:31 UTC.

“Cybercriminals used a combination of ACK, PUSH, RESET, and SYN flood attack vectors, peaking at 633.7 gigabits per second (Gbps) and 55.1 million packets per second (Mpps). The attack was sharp but lasted for less than 2 minutes, and was proactively mitigated by our customer’s comprehensive cyberdefense posture.” reads the post published by Akamai.

During the attack, the top 10 sources for the targeted malicious traffic originated from Bulgaria, Brazil, China, India, United States, Thailand, Russia, Ukraine, Vietnam, and Japan. During the attack, the traffic from the US was more than double the volume of peacetime traffic originating from the country.

Read more about it here.