Incident Details
A man from Baltimore was formally charged on Monday for his involvement in operating a known as TLO data service, a tool widely used by hackers and criminals to easily uncover personal information about individuals across America. Chouby Charleron is accused of selling the personal identifying information, such as Social Security numbers, of over 5,000 individuals, as detailed in recently revealed court documents. This development highlights the ongoing prevalence of TLO data services within the realm of cybercrime, a trend I previously brought to light in August. While these tools are frequently automated, they draw inspiration from the robust TLOxp data service offered by TransUnion, a credit bureau accessible to debt collectors, law enforcement, and various other industries. While not all services necessarily rely on TLOxp for data, it is alleged that Charleron's accomplices used the acquired information to perpetrate credit card fraud. Furthermore, these services have been observed being promoted to violent criminal groups who engage in hacking, theft, and other criminal activities targeting individuals such as YouTubers, celebrities, politicians, and everyday people.
How could this have been prevented?
In order to avoid this security breach, the company could have enhanced security protocols, including the use of multi-factor authentication, encryption of confidential information, routine security assessments, and training staff on safeguarding data. Additionally, they could have closely supervised the operations of the TLO data service and enforced more stringent access restrictions.
Summary of Coverage
Chouby Charleron was accused by authorities of operating a TLO data service that enabled the unauthorized sale of personal identifying information (PII) to hackers and criminals. The security breach exposed the PII of over 5,000 individuals and highlighted the ongoing utilization of these data services within the digital underworld. It is probable that the company's security protocols were insufficient, emphasizing the importance of enhancing protections and boosting knowledge about data security.