{ "id": "77522667-7d65-4b6c-b4bc-29b63df7dd71", "created_at": "2026-04-06T00:14:17.558803Z", "updated_at": "2026-04-10T03:28:09.038327Z", "deleted_at": null, "sha1_hash": "5c22851c513bad5569959fd0d56b27a30d6a4401", "title": "CySecurity News - Latest Information Security and Hacking Incidents: TransUnion Refutes Data Breach Reports Amid Hacker's Claims", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 81300, "plain_text": "CySecurity News - Latest Information Security and Hacking\r\nIncidents: TransUnion Refutes Data Breach Reports Amid\r\nHacker's Claims\r\nBy CySecurity News, twitter.com/ehackernews\r\nArchived: 2026-04-05 14:42:03 UTC\r\nCredit reporting firm TransUnion has refuted reports of a security breach after a threat actor known as USDoD\r\npurportedly leaked information stolen from the company's network.\r\nMillions of customers and more than 65,000 businesses from 30 countries are served by the over 10,000\r\nemployees of the Chicago-based firm. \r\n\"Immediately upon discovering these assertions, we partnered with outside cybersecurity and forensic experts to\r\nlaunch a thorough investigation,\" the company stated.  \"At this time, we and our internal and external experts have\r\nfound no indication that TransUnion systems have been breached or that data has been exfiltrated from our\r\nenvironment.\"\r\nGiven that the data and its formatting are different from TransUnion, the inquiry into the claims discovered that\r\nthe information stolen by USDoD was probably acquired from another organisation's systems. \r\nhttps://www.cysecurity.news/2023/09/transunion-refutes-data-breach-reports.html\r\nPage 1 of 2\n\n\"Through our investigation, we have found that multiple aspects of the messages – including the data, formatting,\r\nand fields – do not match the data content or formats at TransUnion, indicating that any such data came from a\r\nthird party,\" TransUnion added. \r\nThe database allegedly stolen from TransUnion's devices contains a wide range of sensitive information on close\r\nto 59,000 individuals worldwide, according to the USDoD listing posted on a hacker site over the weekend.\r\nUSDoD was a member of the infamous BreachForums (aka Breached) hacking site, which was confiscated by US\r\nlaw authorities in June.\r\nThe threat actor was also connected to the failed attempt to sell $50,000 worth of InfraGard's user database on\r\nBreached in December 2023 after gaining access to InfraGard through social engineering. \r\nAt the time, Brian Krebs wrote that the Department of Defence (USDoD) claimed that the InfraGard user data was\r\nmade freely accessible via an Application Programming Interface (API) that is incorporated into numerous\r\nessential elements of the website that facilitate communication and connection amongst InfraGard users. \r\nAfter their InfraGard membership was granted, according to USDoD, they directed a friend to write a Python\r\nscript to query that API and retrieve every piece of InfraGard user data that was accessible. \r\nThe data included the private information of more than 80,000 members in InfraGard, an FBI initiative to\r\nfacilitate intelligence sharing between federal, state, and local law enforcement agencies as well as businesses.\r\nSource: https://www.cysecurity.news/2023/09/transunion-refutes-data-breach-reports.html\r\nhttps://www.cysecurity.news/2023/09/transunion-refutes-data-breach-reports.html\r\nPage 2 of 2", "extraction_quality": 1, "language": "EN", "sources": [ "MISPGALAXY", "Malpedia" ], "references": [ "https://www.cysecurity.news/2023/09/transunion-refutes-data-breach-reports.html" ], "report_names": [ "transunion-refutes-data-breach-reports.html" ], "threat_actors": [ { "id": "80edca9f-dcd6-491e-92f3-87ad1f575631", "created_at": "2023-10-14T02:03:14.694988Z", "updated_at": "2026-04-10T02:00:05.021046Z", "deleted_at": null, "main_name": "NetSec", "aliases": [ "NetSec", "Operation Data Breach", "ScarFace_TheOne", "USDoD" ], "source_name": "ETDA:NetSec", "tools": [], "source_id": "ETDA", "reports": null }, { "id": "82a51997-1402-41c3-86df-6f9e522b2ba8", "created_at": "2024-04-27T02:00:03.554045Z", "updated_at": "2026-04-10T02:00:03.63698Z", "deleted_at": null, "main_name": "USDoD", "aliases": [], "source_name": "MISPGALAXY:USDoD", "tools": [], "source_id": "MISPGALAXY", "reports": null } ], "ts_created_at": 1775434457, "ts_updated_at": 1775791689, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/5c22851c513bad5569959fd0d56b27a30d6a4401.pdf", "text": "https://archive.orkl.eu/5c22851c513bad5569959fd0d56b27a30d6a4401.txt", "img": "https://archive.orkl.eu/5c22851c513bad5569959fd0d56b27a30d6a4401.jpg" } }