Data leaked

In a recent alarming revelation, a hacker who operates under the pseudonym USDoD (not affiliated with the US Department of Defense) has allegedly penetrated the security systems of the major US credit reporting agency, TransUnion. The breach, as reported by Security Affairs, saw the details of 58,505 customers, both in the US and Europe, compromised.

According to cybercrime experts Vx-Underground, the hacker unleashed 3 gigabytes of sensitive data into the cyber realm. The exposed information includes customers’ full names, their credit scores, passport details, and even outstanding loan balances. At this time, TransUnion has not provided any official acknowledgment regarding the incident.

USDoD purportedly carried out this massive operation with assistance from an emerging cyber extortion gang named Ransomed. This gang employs a distinct tactic, demanding ransom from their targets in return for their silence towards data protection regulators about the compromised organization’s cyber vulnerabilities. This effectively capitalizes on the victim company’s fear of potential fines and reputational damage.

Notably, this isn’t USDoD’s maiden venture into cyber mischief. Last year, the hacker took credit for a cyber onslaught aimed at the US Federal Bureau of Investigation’s Infragard forum—a platform for public-private cybersecurity dialogues. Furthermore, the hacker also infiltrated the defense systems of aerospace magnate, Airbus. While the actual identity of USDoD remains shrouded in mystery, the hacker recently clarified his position, stating unequivocally in an interview with DataBreaches.net: “I Am Not Pro-Russia, and I Am NOT a Terrorist, Either!”

Chad McDonald, the Chief Information Security Officer at Radiant Logic, weighed in on the current cyber climate. McDonald emphasizes a proactive stance towards cybersecurity, urging businesses to anticipate threats and bolster their defenses accordingly. He elaborates on the significance of maintaining a consistent identity-first security approach, advocating for the amalgamation of identity data into a singular, fortified data repository to avert both external and internal threats.

In related news, Cadence Bank, based in Mississippi, has declared a data breach associated with the widespread hack of the MOVEit file transfer application. The bank, having discerned the MOVEit vulnerability on June 1, promptly administered requisite patches and spearheaded an inquiry into the potential compromise of its systems. On June 18, Cadence Bank confirmed unauthorized access to private customer details—ranging from names and addresses to more sensitive data like Social Security and driver’s license numbers.