As far as I know credit scores are not part of credit reports as they do not show up when you request your credit report. If they were storing "credit score" as part of your credit report but withholding that information when you request a copy that would seem to violate the Fair Credit Reporting Act.
It wouldn't really make sense to store a credit score with the report anyways, it would only make sense to generate it on the fly only when a lender requests it. I'm assuming that different creditors report credit information on different days so it would be changing every time a creditor submitted information on that person which would be multiple times a month for someone with multiple accounts. And if the credit score algorithm was updated they would have to recalculate the "credit score" field on the entire database! This wouldn't really make sense from a technical perspective.
Furthermore, there's not just one "credit score," there's different algorithms for coming up with a credit score. One creditor may request FICO 8 and another one may request VantageScore 3.0 on the same day. Then another comes by and wants FICO 5. So even if they saving a credit score in the database I wouldn't think that they would have a field labeled as a generic "credit score" without any qualifier. It would be "FICO 8 score" or whatever algorithm was used to generate the score.
There's also other problems, I don't have my Equifax report in front of me right now but credit bureaus store alternative/former names which aren't included here. Like for me my reported names are FirstName LastName; FirstName MiddleInital LastName; and FirstName MiddleName LastName. All because different creditors reported my name slightly differently. If you change your name (like Kim Kardashian did - she's Kim Kardashian West now) it would report both your former name(s) and current name(s). I don't see any indication that this sort of information is included.
Therefore I very seriously doubt the authenticity.
(From a technical perspective "pdf" is not a MIME type, the MIME type of PDF files is "application/pdf")
Also, why credit reports for Donald Trump and Kim Kardashian were created at the same second and then modified at the same second? Probability of this happening as a result of natural client activity - i.e. just watching the logs of the active service - is zero. If the attackers had access to this service and initiated the requests, then why not show the resulting PDFs, that they supposedly also must have had access to if they had access to the API?
It still looks sorta "off" to me even as logs.
Since there's no cost associated with this, they may well generate one for everyone and store it with their data.
Back when I was relatively new on the (full time) job market, I pulled my reports from annualcreditreport.com and it would tell me that my "credit score" is 720-740, and no negative marks.
However, I also had never taken out a loan before. So whenever I tried to do use that pristine credit (e.g. for a mortgage, credit card, or apartment), I had "no credit history" which appeared to the credit as toxic and subprime.
(Relatedly, when I got my first part time job and tried to buy a PS console with a check, Best Buy said it violated their "risk parameters" and wouldn't take it, though Walmart would.)
I'm curious to see what happens when I buy my first house. There was a huge chance I wouldn't have even needed the car loan but life happens.
>And if the credit score algorithm was updated they would have to recalculate the "credit score" field on the entire database! This wouldn't really make sense from a technical perspective.
This obviously depends on your real-time requirements on providing a credit score. If you need to be able to return any credit score in X milliseconds, and you need to be able to do this at certain throughput, and have load that's not distributed across the day, then you might choose to pre-compute data.
There are techniques you could use to ensure you minimise re-computes and you could also pre-compute values into the future and re-calculate them when new/unexpected data came in.
It might not make sense to do this in a general-case, but placing retrieval performance constraints on a system can lead to non-obvious pre-calculation/computation solutions.
Wouldn't it be that one?