Dun & Bradstreet, which licenses information on businesses and corporations for use in credit decisions, business-to-business marketing and supply chain management, admitted they fell victim to an attack and sent out notification letters Monday to customers.
“Based on our investigation of the incident to date, we believe the attack primarily occurred during a fifteen (15) day period in March and April 2013 and potentially resulted in unauthorized access to our environment, including one of our commercial information databases,” the letters read.
“The potentially exposed information is generally available from public sources. In some circumstances this information may have included certain personal information provided in a business context. This letter has not been delayed by a law enforcement investigation.”
Dun & Bradstreet said it is working with law enforcement investigating the case. The company told individual customers the compromised information included their business identification numbers which could consist of their social security numbers.
The company is offering affected customers free AllClear ID protection services for 12 months. Officials told letter recipients, which ended up submitted to the California Office of the Attorney General, that Equifax, Experian and TransUnion are aware of the incident.
In addition to Dun & Bradstreet, several other data broker giants ended up hit by the attackers. The list includes LexisNexis, HireRight/Kroll, and the National White Collar Crime Center.
Officials said the same attackers could be behind the Adobe hack which stole details of 38 million users and source code.