Experts On Credit Information Exposed In TransUnion Credit Stuffing Attack

Experts Comments (8)
An unauthorized person was able to gain access to a TransUnion Canada web portal and use it to pull consumer credit files using a credential stuffing attack. Once the unauthorized user gained access to the TransUnion portal, they could perform credit searches using a consumer's name, address, DOB, or Social Insurance Number ("SIN). If the correct information was entered, a credit file would be shown that contains the consumer's name, date of birth, current and past addresses, and information related to the credit, such as loan obligations, amounts owed, and payment history. Actual account numbers, though, would not be included in the report.