PROVIDENCE, R.I. (WPRI) — More than 17,000 Rhode Island residents may have been impacted after hackers accessed sensitive personal data during a “cyber incident” at credit reporting agency TransUnion in July.

On Sept. 3, thousands of Rhode Islanders received letters from TransUnion notifying them that their information, stored on a third-party system, had been compromised in the security breach.

According to the company, a hacker deceived two customer service agents into clicking a link that downloaded a “malicious application” while posing as a help desk technician. One of those agents worked for a vendor firm rather than TransUnion itself.

The hacker reportedly gained limited access to TransUnion’s Salesforce customer support system on July 28 and 29, allowing them to steal the Social Security numbers of approximately 17,155 Rhode Islanders. TransUnion said its core credit database and credit reports were not affected.

“This is not a vulnerability within any TransUnion system, but rather a social engineering attack
targeted at the call center agents,” the company wrote to the R.I. Attorney General’s office.

Once the breach was discovered on July 30, TransUnion said it “quickly contained” the issue by shutting down the agents’ access, blocking the malicious links and alerting the FBI.

TransUnion offered complimentary credit monitoring services and proactive fraud assistance to impacted customers. The letter also advised Rhode Islanders of their right to file or obtain a police report report and seek information from the attorney general’s office related to the incident.

“We regret any concern caused by this incident and take seriously the responsibility to help secure consumer information,” the letter read.