Equifax and Transunion say hackers stole celebrity credit reports

Join thousands of others, and sign up for Naked Security's newsletter

by Graham Cluley on March 12, 2013 | 1 Comment

Filed Under: Celebrities, Featured, Hacked, Law & order, Privacy

Earlier today we revealed how hackers had managed to publish the credit reports and personal information of a number of public figures on a newly-created website.
Victims include celebrities such as Beyoncé Knowles, Ashton Kutcher, Paris Hilton and Britney Spears - as well as public figures such as US Vice President Joe Biden, Hillary Clinton and Michelle Obama.

In that earlier article I wrote:

The nature of the content - names, social security numbers, previous addresses, dates of birth, etc - suggest that a credit agency might have been compromised in some fashion. Whether an agency was actually hacked, compromised in some other fashion, or whether an insider within the organization leaked the data, is impossible to say at this point.

Well, now some of the United States' top credit bureaus have come forward and acknowledged that fraudulent and unauthorized access to the records of well-known figures have taken place.

According to Bloomberg, Equifax Inc and TransUnion Corp have confirmed that sensitive, personal-identifying information about celebrities and public figures has been taken from their systems.
Bloomberg goes on to say that a third credit reporting agency, Experian, is investigating whether any of its data was compromised.
What's clear, however, is that the details belonging to Paris Hilton that were posted on the website do appear to have originated from the firm.
The three companies jointly run a website - annualcreditreport​.com - which is designed to give users free access to their own credit reports.
Some of the information posted on the hackers' website (which we have chosen not to name) references annualcreditreport​.com, suggesting that hackers might have found a way to exploit the online portal to scoop up sensitive information.
Many questions remain as to whether this was a straightforward hack, or if the hackers were able to gain unauthorised access to the data via other means.
One possibility is that the hackers were able to scoop information up off the net about particular individual public figures, and then use that to successfully impersonate their targets and access credit histories.
I think we can all feel confident that the authorities will be keen to identify those responsible for the security breach as soon as possible - especially as those exposed include the head of the Los Angeles police force Charlie Beck and FBI Director Robert Mueller.
Naked Security has chosen not to publish the name of the website which has published the personal information of the public figures, as it is currently still available, and has redacted the images above.