KP Cybersecurity News

TransUnion Data Breach Impacts 4.4 Million

Fri, 08/29/2025 - 11:03 / 0 Comments

Credit reporting firm TransUnion (NYSE: TRU) is notifying more than 4.4 million people that their personal information was compromised in a data breach.

The incident occurred on July 28, 2025, and was discovered two days later, the company revealed in a filing with the Maine Attorney General’s Office.

According to TransUnion, the data breach involved personal information stored in a third-party application, including names, Social Security numbers, and dates of birth.

“The information was limited to specific data elements and did not include credit reports or core credit information,” the company notes in the notification letter sent to the impacted individuals.

TransUnion told the Maine AGO that 4,461,511 individuals were impacted by the data breach, and that it is providing them with 24 months of free credit monitoring services, and with proactive fraud assistance.

The credit reporting firm did not name the third-party application involved in the incident, only noting that it was used for its US consumer support operations.

However, it appears that the data breach was related to a broader wave of data theft attacks impacting Salesforce customers, and that the infamous extortion group known as ShinyHunters was responsible for it, BleepingComputer reports.

In addition to the personal information that TransUnion has reported as compromised, addresses, email addresses, and phone numbers were also stolen, the hackers claim.

SecurityWeek has emailed TransUnion for a statement on the hackers’ claims and will update this article if the company responds.

In early August, Google disclosed a data breach involving its Salesforce instance, after warning in June that UNC6040, a threat actor specializing in voice phishing attacks, was running a large-scale Salesforce data theft and extortion campaign.

Google linked UNC6040 to Scattered Spider, which apparently merged with ShinyHunters. Recently disclosed data breaches impacting Adidas, Allianz Life, Cisco, Dior, Louis Vuitton, and other companies appear to be part of the Salesforce hacking campaign.

This article was originally published by Security Week. Please check their website for the original content.

Add new comment

About text formats

Plain text

  • No HTML tags allowed.
  • Lines and paragraphs break automatically.
  • Web page addresses and email addresses turn into links automatically.
CAPTCHA This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.
16 + 3 =
Solve this simple math problem and enter the result. E.g. for 1+3, enter 4.

Share The Story


Stay informed - subscribe to our newsletter.
The subscriber's email address.

Recent Posts