Using a credential stuffing attack, an unauthorized person was able to gain access to a TransUnion Canada web portal and use it to pull consumer credit files. […]

from https://www.bleepingcomputer.com/news/security/credit-info-exposed-in-transunion-data-security-incident/