TransUnion breach exposed personal data of 4.4 million Americans

The TransUnion breach compromised the personal data of 4.4 million Americans, raising fresh concerns over credit bureau security.

  Science/Technology   Aug 31, 2025   0   23  Add to Reading List

You might have recently noticed a wave of cyberattacks hitting companies whose services millions of Americans rely on every day. Among the victims are Google, Farmers Insurance, Allianz Life, Workday, Pandora, Cisco, Chanel, and Qantas, all reporting breaches linked to Salesforce-connected applications.

Now, credit reporting firm TransUnion has confirmed its own major incident, with more than 4.4 million U.S. consumers affected.  Attackers exploited weaknesses in third-party integrations, not Salesforce itself. Security researchers tie this technique to the extortion group ShinyHunters and its affiliated crews.

 

 

A person is using macbooks

 

What you need to know about the TransUnion data breach

TransUnion has disclosed a major data breach that impacted 4,461,511 individuals in the United States, according to a filing with the Maine Attorney General’s Office. The incident occurred on July 28, 2025, and was discovered two days later on July 30.

The breach resulted from unauthorized access to a third-party application used in TransUnion’s U.S. consumer support operations. The company stressed that its core credit database and credit reports were not compromised.

Although TransUnion characterized the exposed information as “limited,” the stolen data is highly sensitive. It includes names, dates of birth, Social Security numbers, billing addresses, email addresses, phone numbers, reasons for customer transactions (such as requests for a free credit report), and customer support tickets and messages.

Hackers claim they stole more than 13 million records in total, with about 4.4 million tied to U.S. consumers.

In response, TransUnion is providing all affected individuals with 24 months of free credit monitoring and identity theft protection services.

Illustration of a person's data on the screen of a laptop

 

Hackers target companies through Salesforce apps

The breach appears to be part of a broader wave of Salesforce-related attacks that is hitting organizations across sectors, from tech and finance to retail and aviation. Alongside Google, Farmers Insurance, Allianz Life, Workday, Pandora, Cisco, Chanel, and Qantas, brands like Adidas, Louis Vuitton, Dior, Tiffany & Co., Cartier, and Air France-KLM have also reported incidents tied to weaknesses in Salesforce-linked applications.

In most cases, attackers exploited malicious third-party integrations or OAuth-connected apps disguised as legitimate Salesforce tools to siphon sensitive records. This technique bypassed traditional login protections and gave intruders long-lasting access to customer relationship management data. The stolen information ranges from basic contact details and business notes to highly sensitive identifiers such as Social Security numbers, dates of birth, and driver’s license information.

Researchers say these intrusions align with activity from the extortion group ShinyHunters, with some overlap in tactics and infrastructure linked to other threat actors like Scattered Spider. Campaigns tracked under names such as UNC6395 and UNC6040 point to a larger “extortion-as-a-service” model, where criminal crews collaborate and share stolen data across underground forums.

An illustration of a hacker at work

 

TransUnion’s response

CyberGuy reached out to TransUnion for a comment and received the following response:

“TransUnion recently experienced a cyber incident that affected a third-party application serving our U.S. consumer support operations. Upon discovery, we quickly contained the issue, which did not involve our core credit database or include credit reports.

The incident involved unauthorized access to limited personal information for a very small percentage of U.S. consumers. We are working with law enforcement and have engaged third-party cyber security experts for an independent forensics review. Additionally, we will notify affected consumers and provide credit monitoring services.”

As for the gap between when the breach occurred (July 28, 2025) and when it was officially recorded as “discovered” (July 30, 2025). A TransUnion spokesperson clarified that the company “identified and contained this event within hours” of it happening, but that it is common industry practice to designate a later “date of discovery” to reflect a more complete assessment following the initial response.

 

8 ways you can stay safe from the TransUnion data breach

The TransUnion breach exposed millions of people’s data, but there are steps you can take to protect yourself. Here are eight ways to stay safe.

 

1) Delete personal data that puts you at risk

Go through old online accounts, shopping profiles, or cloud storage that may still hold sensitive data. Deleting what you no longer use reduces the amount of information that could be stolen in future breaches or sold on dark web forums. You can also get help from a data removal service.

While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time.

 

Is your personal information exposed online?

Run a free scan to see if your personal info is compromised. Results arrive by email in about an hour.

 

2) Avoid phishing scams and use strong antivirus software

Data stolen in breaches often ends up fueling phishing campaigns. Attackers may use your name, email, or phone number to make messages look more convincing. If you get an email or text claiming to be from TransUnion, your bank, or any service asking you to “verify” details, don’t click on the link. Instead, log in through the official website or call customer service directly.

The best way to safeguard yourself from malicious links is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

 

3) Save passwords securely

If your login details were exposed, reusing the same password across sites puts multiple accounts at risk. Use a password manager to create and store strong, unique passwords for every service. Even if hackers get hold of one, they won’t be able to use it elsewhere. Consider using a password manager to generate and store complex passwords.

Next, see if your email has been exposed in past breaches. Our #1 pick, NordPass, includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

 

4) Turn on two-factor authentication

Two-factor authentication (2FA) adds a critical extra step beyond just a password. If someone tries to break into your email, banking app, or social media account, they’ll also need the one-time code from your authenticator app or text message. This makes stolen credentials much less useful.

 

5) Keep your devices updated

Hackers often rely on outdated software to spread malware or steal information. Installing the latest updates for your phone, computer, and apps ensures security patches are in place, blocking known vulnerabilities that attackers might exploit.

 

6) Freeze your credit right away

One of the biggest risks after a breach is criminals opening new loans or credit cards in your name. A credit freeze with all three major bureaus, TransUnion, Equifax, and Experian, prevents anyone from accessing your credit file without your approval. It’s free and can be temporarily lifted if you need to apply for credit.

 

7) Monitor your accounts regularly

Watch your bank and credit card statements for unfamiliar charges, no matter how small. Set up transaction alerts where available. You should also pull your free annual credit report to check for unauthorized accounts or inquiries, which could be signs of fraud.

 

8) Consider identity theft protection services

If your Social Security number, driver’s license, or other sensitive identifiers were exposed, you may want to sign up for an identity theft protection service. These services monitor credit reports, dark web forums, and financial activity for signs of misuse. Some also include insurance or recovery assistance if your identity is stolen, giving you added peace of mind beyond basic credit monitoring. If you’re one of the affected TransUnion users, make use of the 24 months of free credit monitoring and identity theft protection services. If not, you might get one yourself for the future.

 

Related Links:

 

Kurt’s key takeaway

The reality is that the TransUnion breach isn’t just about stolen names and numbers. It’s about how exposed ordinary people are when a single company holds the keys to their financial identity. For years, consumers have had little choice but to trust credit bureaus they never opted into, even though these same companies keep finding themselves in the headlines for the wrong reasons.

Should companies like TransUnion be held legally accountable when millions of people are exposed to fraud? Let us know in the comments below.

FOR MORE OF MY TECH TIPS & SECURITY ALERTS, SUBSCRIBE TO MY FREE CYBERGUY REPORT NEWSLETTER HERE

 

 

Copyright 2025 CyberGuy.com.  All rights reserved.  CyberGuy.com articles and content may contain affiliate links that earn a commission when purchases are made.

Read Original   

What's Your Reaction?

like

dislike

love

funny

angry

sad

wow