TORONTO — A cybersecurity breach at TransUnion has underscored the rising threat of third-party attacks and the difficulty of preventing them.
The credit monitoring agency confirmed this week that the personal data of 37,000 Canadians was compromised when someone illegally used a legitimate business customer’s login to access TransUnion data.
Daniel Tobok, CEO of Cytelligence Inc., says he’s seen a rise in these kinds of attacks that use trusted partners to gain access to data.
He says about a quarter of the cyberattacks the company deals with are related to third-party attacks, which are hard to detect because they often look like legitimate uses.
In the case of TransUnion, someone fraudulently used login information from the leasing arm of Canadian Western Bank to access credit information on tens of thousands of Canadians.
Tobok says it’s crucial to use two-factor verification for any sort of sensitive login access and that companies need to do more to train staff to prevent access information falling into the wrong hands.