TransCredit Data Leak Over 800,000 Records of Credit Reports

Data Leak

Security researcher Jeremiah Fowler together with the Website Planet research team found an unsecured Transcredit data leak of 822,789 records of user information.

Transcredit Data Leak

The database included data on truckers, transport companies, loans, repayment, and debt collections, and other data specifically for the transportation industry. This included banking information and tax ID numbers. Many of the Tax IDs were consistent with what appeared to be Social Security Numbers stored in plaintext.

Discovered Data

  • Total Records: 822,789. Internal records that include customers first and last names, emails, bank information, Tax ID numbers that appear to be SSN and EIN (Employer Identification Number). These individuals could be at risk of a targeted social engineering attack using insider information.
  • Detailed notes on collections, payment histories, new applicants, status and progress. References to “TransCredit” and “Transcore”
  • Internal Passwords and login IDs / Usernames, account numbers. We can only assume that these could be used to access the user portal. (We do not circumvent password protections or attempt to validate user credentials for ethical reasons).

The team says that TransCredit works similarly to traditional credit scores. The company exists specifically for the transportation industry. It assigns a risk assessment score that ranges from 0 to 99, with 0 being high risk and 99 being the lowest risk. Once they apply a scoring system it gives an idea of risk for both shipper, drivers, and transport companies. Some carriers rely on a scoring system and disqualify shippers with a poor rating.

The team also says: “Although there were many references to TransCredit inside the database and 600k “Credit Reports”, we did not receive a reply from anyone at TransCredit verifying if the data did indeed belong to them. It is not clear if this data was exposed by a contractor or a 3rd party who had access to these reports, or if this was in fact TransCredit’s internal database?”

Subscribe
Notify of

This site uses Akismet to reduce spam. Learn how your comment data is processed.

0 Comments
Inline Feedbacks
View all comments