Equifax and Transunion say hackers stole celebrity credit reports

Earlier today we revealed how hackers had managed to publish the credit reports and personal information of a number of public figures on a newly-created website.

Victims include celebrities such as Beyoncé Knowles, Ashton Kutcher, Paris Hilton and Britney Spears – as well as public figures such as US Vice President Joe Biden, Hillary Clinton and Michelle Obama.


In that earlier article I wrote:

Sign up to our free newsletter.
Security news, advice, and tips.

The nature of the content - names, social security numbers, previous addresses, dates of birth, etc - suggest that a credit agency might have been compromised in some fashion. Whether an agency was actually hacked, compromised in some other fashion, or whether an insider within the organization leaked the data, is impossible to say at this point.

Well, now some of the United States’ top credit bureaus have come forward and acknowledged that fraudulent and unauthorized access to the records of well-known figures have taken place.

Arnold Schwarzenegger credit report

According to Bloomberg, Equifax Inc and TransUnion Corp have confirmed that sensitive, personal-identifying information about celebrities and public figures has been taken from their systems.

Paris HiltonBloomberg goes on to say that a third credit reporting agency, Experian, is investigating whether any of its data was compromised.

What’s clear, however, is that the details belonging to Paris Hilton that were posted on the website do appear to have originated from the firm.

The three companies jointly run a website – annualcreditreport​.com – which is designed to give users free access to their own credit reports.

Some of the information posted on the hackers’ website (which we have chosen not to name) references annualcreditreport​.com, suggesting that hackers might have found a way to exploit the online portal to scoop up sensitive information.

Many questions remain as to whether this was a straightforward hack, or if the hackers were able to gain unauthorised access to the data via other means.

One possibility is that the hackers were able to scoop information up off the net about particular individual public figures, and then use that to successfully impersonate their targets and access credit histories.

I think we can all feel confident that the authorities will be keen to identify those responsible for the security breach as soon as possible – especially as those exposed include the head of the Los Angeles police force Charlie Beck and FBI Director Robert Mueller.

Naked Security has chosen not to publish the name of the website which has published the personal information of the public figures, as it is currently still available, and has redacted the images above.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.