Follow TNGB
TransUnion Data Breach Exposes 4.4 Million Customers’ Information
TransUnion, a major U.S. credit reporting agency, has revealed that hackers accessed the personal information of over 4.4 million customers in a recent cyberattack. The breach, which targeted a third-party application used for consumer support, has raised concerns about the vulnerability of sensitive data held by large corporations.
The incident occurred on July 28, 2025, and was discovered two days later during routine security monitoring. TransUnion promptly contained the breach, ensuring no further unauthorized access, according to company statements.
Hackers gained access to a third-party application, not TransUnion’s core credit database, meaning credit reports remained untouched. However, the stolen data reportedly includes names, dates of birth, and Social Security numbers, posing risks of identity theft.
TransUnion disclosed the breach in filings with the Maine and Texas attorneys general, noting that 4,461,511 individuals were affected, including 16,828 Maine residents. The company is offering 24 months of free credit monitoring through its myTrueIdentity service to help victims protect their financial identities.
The breach is allegedly linked to a broader wave of cyberattacks targeting Salesforce-hosted systems, with the hacking group ShinyHunters claiming responsibility, according to some reports. TransUnion has not confirmed the specific third-party vendor or the hackers’ identity, citing ongoing investigations.
The company is working with law enforcement and has engaged third-party cybersecurity experts to conduct an independent forensic review. TransUnion emphasized its commitment to enhancing security measures to prevent future incidents.
This breach follows a pattern of cyberattacks on major U.S. firms, including Allianz Life and Google, which also reported data theft from third-party systems. Experts warn that such incidents highlight the growing threat of social engineering attacks exploiting corporate software vulnerabilities.
Consumers affected by the breach are urged to enroll in the free credit monitoring service and remain vigilant for phishing attempts or suspicious account activity. TransUnion has set up a dedicated support line to assist impacted individuals.
The incident may draw scrutiny from federal regulators, such as the Consumer Financial Protection Bureau, which oversees data security in the credit reporting industry. Failure to adequately protect consumer data could lead to fines or legal action.
TransUnion, which manages credit histories for over 260 million Americans, previously faced a 2022 breach in South Africa affecting millions. The recurrence of such incidents underscores the challenges of safeguarding vast data repositories in an era of sophisticated cyber threats.
Affected customers should monitor their financial accounts closely and report suspicious activity immediately to mitigate risks. TransUnion’s offer of free credit monitoring aims to provide peace of mind, but consumers must act quickly to enroll.
