The credit reporting company TransUnion has confirmed that more than 4 million people’s data was exposed in a recent hack involving an unidentified third party.

In a letter posted to the website of Maine’s attorney general on Wednesday, the company said it had “recently experienced a cyber incident involving a third-party application serving our US consumer support operations”.

Recommended Stories

list of 3 itemsend of list

“We continue to enhance our security controls as appropriate to minimise the risk of any similar incident in the future.”

In a statement, TransUnion said it had “quickly contained the issue, which did not involve our core credit database or include credit reports”.

The Illinois-based credit bureau also issued a letter to consumers, saying it would offer its credit monitoring services to those affected free of charge.

Maine legally requires disclosures for certain kinds of breaches affecting its residents. Among the more than 4.4 million people who were victims of the hack, roughly 17,000 were from Maine.

The state attorney general’s office indicated that the breach occurred on July 28 and was discovered two days later, on July 30.

The name of the third-party application was not disclosed, but US corporations have recently seen waves of compromises as hackers trick employees into opening up their respective employers’ Salesforce databases, where consumer data is often stored.

A Salesforce representative did not immediately return a message seeking comment.

Credit reporting companies amass data about consumers’ borrowing and spending practices, and they therefore contain sensitive information, including Social Security numbers.

Advertisement

One of the biggest hacks in recent decades targeted the credit bureau Equifax in 2017. More than 147 million Americans saw private information released as part of the breach, including birthdates, credit card numbers and Social Security information.

That incident was considered one of the largest of its kind. The company was forced to agree to a settlement with the Federal Trade Commission that included $425m set aside to help affected consumers.

On Wall Street, Transunion’s stock tanked on the news of the hack. It is down 0.2 percent. Salesforce’s stock, however, has not been affected. It’s trending upwards. As of 10:50am in New York (14:45 GMT), its shares are up 1.1 percent.