Mujer costarricense lidera equipos globales de IA y ciencia de datos desde el país

Mujer costarricense lidera equipos globales de IA y ciencia de datos desde el país
San José, 19 mar (elmundo.cr) – Stefanny Quesada Navarro, líder costarricense en ciencia de datos en TransUnion®, refleja la creciente presencia de mujeres en carreras STEM en Centroamérica. Desde Heredia lidera equipos especializados en ciencia de [...]

#GCC #StefannyQuesadaNavarro #Tendencias #TransUnion

https://elmundo.cr/tendencias/mujer-costarricense-lidera-equipos-globales-de-ia-y-ciencia-de-datos-desde-el-pais/

Edmonton woman frustrated by 18-month battle with Equifax and TransUnion to fix credit rating

https://www.cbc.ca/news/gopublic/credit-ratings-fraud-9.7099030
- - -
Une femme d’Edmonton frustrée par une bataille de 18 mois avec Equifax et TransUnion pour corriger sa cote de crédit

// Article en anglais //

#Canada #Equifax #TransUnion

Costa Rica fortalece su posición como Hub de Centros de Capacidad Global

Costa Rica fortalece su posición como Hub de Centros de Capacidad Global
San José, 07 ene (elmundo.cr) – Costa Rica continúa ofreciendo condiciones ideales para el establecimiento de centros de excelencia. A lo largo de los años, el país ha atraído una variedad de modelos de prestación de servicios, incluidos los Centros de Servicios Compartidos (SS [...]

#CINDE #EconomíaYNegocios #HUB #TransUnion

https://elmundo.cr/economia-y-negocios/costa-rica-fortalece-su-posicion-como-hub-de-centros-de-capacidad-global/

It wasn’t hard to hijack TransUnion credit reports. I did it to myself.

PIRG staff discovered that they could talk TransUnion’s customer service representatives into resetting passwords and changing account contact information with bare-bones proof of identity.

#TransUnion #PIRG #socialengineering #customerservice #security #cybersecurity #hackers #hacking

https://www.washingtonpost.com/technology/2025/12/12/transunion-credit-report-vulnerability-credit-freeze/

Redefiniendo el crecimiento: cómo el mercado laboral costarricense está creando oportunidades inclusivas y de alto valor

Redefiniendo el crecimiento: cómo el mercado laboral costarricense está creando oportunidades inclusivas y de alto valor
San José, 26 nov (elmundo.cr) – El mercado laboral costarricense está experimentando una poderosa transformación. Lo que antes se medía principalmente en números [...]

#CINDE #EconomíaYNegocios #GAM #MercadoLaboral #PIB #TransUnion

https://elmundo.cr/economia-y-negocios/redefiniendo-el-crecimiento-como-el-mercado-laboral-costarricense-esta-creando-oportunidades-inclusivas-y-de-alto-valor/

Wall Street ticks to more records, led by technology stocks

Stocks edged up to more records on Thursday as technology stocks kept rising and as Wall Street kept…
#NewsBeep #News #Headlines #aiinfrastructure #artificial-intelligenceindustry #corporateannouncement #datum #experian #investor #Latvia #LV #morerecord #SamsungElectronics #shutdown #sp #Stock #technologystock #thursday #transunion #wallstreettick
https://www.newsbeep.com/160589/

Another credit reporting agency breach, another terrible breach notification letter

Recently, in the process of trying to temporarily unfreeze our credit reports so we could apply to something or other I don’t recall, we discovered that my wife’s TransUnion account was broken and inaccessible as a result of the most recent of a long string of changes TransUnion has made to their end-user-facing web apps. My wife had to spend a long time on the phone with TransUnion to get it fixed.

This, of course, means that she was one of the victims of their recent SalesForce / Drift security breach.

A few days ago, my wife received this letter from TransUnion (highlighting added by me; image follows, text is at the bottom of this blog posting, for those who need it):

Let’s talk about all the ways this is terrible.

First and foremost, of course, is the fact that this breach occurred in the first place. The credit reporting agencies have had breach after breach after breach, with no end in sight. It is patently obvious at this point that they aren’t and never will be secure enough until there are adequate financial incentives in place to make it more expensive to keep allowing these breaches to happen than it would be to do what it takes to prevent them.

“But this one isn’t actually TransUnion’s fault, it’s SalesForce’s!” Nope. TransUnion is responsible for ensuring that the third-party vendors they use have adequate security. TransUnion is responsible for not outsourcing functions that cannot be adequately secured by third parties. TransUnion is ultimately responsible for the security of the data it holds.

Moving on, look at the first heading I highlighted above, “What happened?” Now look at the text following it. There isn’t a single word about “what happened.” I only know it’s the SalesForce breach because I’m an information security professional who follows the news about stuff like this. The vast majority of the people who receive this letter will not have a clue how this happened. Putting the section header “What happened?” in your breach notification letter does not actually satisfy your obligation to tell victims what happened. YOU ACTUALLY HAVE TO TELL THEM WHAT HAPPENED.

Similarly, look at the section headed “What we are doing.” Do you see any concrete information in that section about what they are doing to prevent similar breaches in the future? Of course not, it’s just meaningless generalizations and platitudes, because, as we all know, they are doing NOTHING. They will face no repercussions for the breach, it will barely make a blip in their profit, and nothing will change.

Heck, they don’t even need to pay a third-party service to provide the fraud assistance and remediation service they’re offering to consumers who were impacted by this breach, because they’ve farmed out responsibility for that to a company they own. “You couldn’t trust us to keep your data safe, but you should trust us to help you deal with the fallout,” is certainly a thing a company can say, but whether anybody actually believes it is a different question entirely.

TransUnion wants to tell us about “Steps You Can Take to Help Protect Your Personal Information.” Please forgive me for momentarily resorting to profanity as I say, hey, TransUnion, you can fuck off into the sun with that noise. This breach and what you are doing about it plainly demonstrates, for the nth time, that there is nothing anyone in the U.S. can do to adequately protect their personal information, short of dropping off the grid and living in a log cabin in the woods. Until we have meaningful federal data privacy laws (which remains unlikely to ever occur) with substantive penalties for companies failing to protect consumer data, this is going to keep happening, and there’s nothing we can do about it.

Finally, I want to point out the absolutely amateurish formatting of this breach notification letter, which is in my opinion indicative of the competence (or lack of same) of the people managing this breach (and, therefore, of how important TransUnion really thinks it is to manage the breach competently):

• As I’ve already mentioned, neither the “What happened?” nor “What are we doing.” sections contain the content they should.
• “Notice of Data Incident” should be bold, or in a larger font, or both.
• The leaked information also obviously included people’s names, but they don’t mention that in the “What information was involved?” section.
• They wrote “8a.m.” without a space, followed immediately by “8 p.m.” with a space.
• While we’re on the subject, when a time range is written out like that, it should use an en dash, not a hyphen.

Are some of these minor, petty issues. Absolutely. But in my experience, “minor, petty issues” like this are a strong signal about a company’s overall competence. In other words, maybe these things don’t matter a lot, but they’re a pretty good indicator about the things that do.

UPDATE: Cyberscout is just as bad at security as the rest of TransUnion

The login process at Cyberscout, for accessing the free credit monitoring offered by TransUnion as a result of this breach, uses outdated practices:

Everything about this is wrong:

• “Update this frequently to keep your account secure” — No! We’ve known for decades that making people change passwords frequently reduces security rather than increasing it. NIST security standards specifically say not to do this.
• Enforcing password quality by requiring specific character classes — No! There are better ways to enforce password quality without requiring arbitrary types of characters. NIST security standards specifically say not to do this.
• Using security questions for backup authentication — No! This has never been secure and is even less so now that everybody’s data is out there thanks to the never-ending flow of security breaches. NIST security standards specifically say not to do this.

They also only support emails, voice calls, and SMS for two-factor authentication:

This is also no longer considered secure and is explicitly deprecated by NIST security standards.

The security posture of any company which is still doing the above things in 2025, especially a company whose entire reason for existence is, ostensibly, cybersecurity and privacy, cannot be taken seriously.

Here is the text of the letter pictured above:

TransUnion Event
c/o Cyberscout
P.O. Box 1286
Dearborn, MI 48120-9998

[personal information elided]

September 9, 2025
Notice of Data Incident
To [name elided]:
We are writing to make you aware of recent unauthorized access to some of your personal data. We are providing details about the resources we are providing to assist you.
What happened?
We regret any concern caused by this incident and take seriously the responsibility to help secure consumer information. Below you will find information on what we have done to prevent further improper access, as well as steps you can take to help protect your personal information.
What information was involved?
The information was limited to specific data elements and did not include credit reports or core credit information. In your case, the information involved included your SSN and DOB.
What we are doing.
TransUnion takes the protection of personal information seriously, which is why we engage in robust, proactive security measures. We continue to enhance our security controls as appropriate to minimize the risk of any similar incident in the future.
What you can do.
In response to the incident, we are providing you with access to credit monitoring services that will alert you whenever there is a change to your credit file. We are offering these services at no charge for 42 months from the date you enroll.
We are also providing you with proactive fraud assistance to help with any questions that you might have now or in the event that you become a victim of fraud. These services will be provided by Cyberscout, a TransUnion company specializing in fraud assistance and remediation services.
If you have any questions about this matter or would like additional information, please refer to the enclosed Steps You Can Take to Help Protect Your Personal Information or call toll-free 1-800-516-4700. This call center is open Monday through Friday from 8a.m.-8 p.m. Eastern Time, except major holidays.
Sincerely,
TransUnion Consumer Relations

#Cyberscout #dataBreach #infosec #privacy #TransUnion

Another credit reporting agency breach, another terrible breach notification letter

TransUnion is bad at security and bad at handling security breaches and none of this is going to get better until we have a real federal data privacy law with meaningful penalties for companies which leak people's data.
#TransUnion #Cyberscout #infosec #privacy #dataBreach #TechIsShitDispatch
https://blog.kamens.us/2025/09/25/another-credit-reporting-agency-breach-another-terrible-breach-notification-letter/

TransUnion data breach impacts more than 4.4 million Americans

One of the three major credit bureaus fell prey to a cyberattack that exposed personal data from more than 4.4 million U.S. consumers. the attack occurred on July 28 and was discovered two days later.

#salesforce #salesloft #TransUnion #databreach #security #cybersecurity #hackers #hacking #hacked

https://www.cnbc.com/select/transunion-data-breach-impacts-over-4-million/