The personal information of about 37,000 Canadians may have been compromised between June and July, TransUnion Canada says.
The credit monitoring agency said the data was accessed through the fraudulent use of one if its legitimate business customer’s login credentials.
TransUnion said it learned of the breach in August and has notified those whose information may have been accessed as well as the privacy commissioners.
Company spokesman David Blumberg said in a statement that while the investigation is ongoing, the company maintains that the fraudulent login was not a failure of its systems.
“The unauthorized access was not the result of a breach or failure of TransUnion’s systems or our customer’s system,” he said.
Blumberg did not respond to a request to provide details on what sort of personal information was compromised.
The incident follows on numerous data breaches in recent years, including a high-profile breach at rival credit monitoring agency Equifax Inc. in 2017 where information on 143 million customers globally, including about 19,000 Canadians, was compromised.
More recently, Capital One said in July that data of six million Canadians was hacked, including about a million social insurance numbers. Desjardins said in June that the data of about 2.7 million accounts were hit with a breach.
The issue at TransUnion means that both of Canada’s credit monitoring agencies have seen customer data compromised. TransUnion and Equifax provide credit reports that assess how qualified people are for a loan, among other financial services.
Blumberg said Chicago-based TransUnion continues to look for ways to strengthen its defences against unauthorized access of any kind, and supports customers in efforts to protect their data.
The Canadian Press