Credit bureau TransUnion said Thursday that more than 4 million people’s data was exposed in a recent hack involving an unidentified third party.
In a letter dated earlier this week and posted to the website of Maine’s attorney general, the company said it
had “recently experienced a cyber incident involving a third-party application serving our U.S. consumer support operations.”
In a statement, TransUnion said it had “quickly contained the issue, which did not involve our core credit database or include credit reports.”
Maine legally requires disclosures for certain kinds of breaches affecting its residents. The name of the third
party application was not disclosed, but U.S. corporations have recently seen waves of compromises as hacker
s trick employees into opening up their respective employers’ Salesforce databases.
A Salesforce representative did not immediately return a message seeking comment.
The hack included “any personal information” provided in connection with applications or was collected during st
udents’ studies, according to drafts of letters from the university to potentially affected individuals. That includes
contact details, demographic information, academic history, fin
ancial aid-related information and insurance and health-related data shared with the university, the letters state.
Watch More Image Part 2 >>>
The university’s investigation is ongoing and the school is still working to determine the number of individuals impacted
, a Columbia official said Friday. The school will continue to notify people who have been affected, the official said.
The details were included in reports Columbia made Thursday to state officials in Maine and California, acc
ording to the websites of their attorneys general. Both states require org
anizations to report breaches “without unreasonable delay” when their residents’ data is involved.