TransUnion Credential Stuffing Attack: Credit Information Exposed

Credential Stuffing, a cyberattack where login details are stolen through a data breach, was on topic in the news recently. An unauthorized person used this attack to successfully gain access to a TransUnion Canada web portal where it was able to pull consumer credit files when doing a credit search. This includes a consumer’s Social Insurance Number (SIN), birthdate, current and past addresses.

The credit bureau has already reached out to their affected consumers whose information was exposed in this credential stuffing attack through postal mail.