TransCredit exposed the financial data of half a million Americans and Canadians


TransCredit is a Jacksonville, Florida-based business credit reporting agency for the transportation industry.

Website Planet computer security researchers discovered a misconfigured database that belonged to TransCredit, a Jacksonville, Florida-based business credit reporting agency for the transportation industry.

According to Website Planet’s Jeremiah Fowler, the database contained a treasure trove of sensitive financial and personal data from customers, including trucking and transportation companies based in Canada and the United States.

What data was exposed?

In total, the misconfigured database exposed 822,789 records, 600,000 of which were customer credit files. Other information exposed included the following:

  1. Full names
  2. Tax identification numbers
  3. Email addresses
  4. Payment history
  5. Bank information
  6. Social Security Numbers (SSN)
  7. Internal login IDs and passwords
  8. EIN (Employer Identification Number)

And the list continues…

One of the database screenshots on display (Image credit: Website Planet)

Exposed database without password protection

According to the Plant’s website blog postthe worst of the incident is that the database was left exposed for public access without a password or security authentication, which meant that anyone who knew how to find misconfigured databases could have accessed the data.

In addition, the database was also at risk of being compromised by ransomware gangs known to encrypt exposed databases and demand ransom in return. In 2020, 47% online MongoDB databases have been hacked by ransomware gangs.

The real danger for transport companies is fraud and scams. This database contained enough information to create a range of highly targeted frauds or scams. Criminals armed with insider knowledge could potentially gain trust very easily and businesses or individuals would be less suspicious when faced with verifying a tax ID or other data.

Jeremiah Fowler – Website Planet

Period of time

While it’s unclear exactly when the database was exposed online or if it was accessed by a third party with malicious intent, Website Planet told that its researchers discovered the misconfiguration on September 17, 2021. However, details were only recently shared. .

The good news is that TransCredit reacted quickly and secured the database shortly after receiving an alert from Website Planet.


Comments are closed.