TransUnion Data Breach Exposes Personal Information of 4.4 Million Americans

CHICAGO, IL — Credit reporting agency TransUnion has reported a significant data breach affecting more than 4.4 million individuals in the United States. The incident was discovered on July 30, 2025, but occurred two days earlier, on July 28, as a result of unauthorized access to a third-party application linked to its consumer support operations.

The breach was linked to the hacking group ShinyHunters, known for its previous attacks on major corporations such as Google and Cisco. According to TransUnion, the compromised data included sensitive information such as names, dates of birth, Social Security numbers, and billing addresses, although the company emphasized that its core credit database and credit reports were not involved in the incident.

In response to the breach, TransUnion is offering two years of free credit monitoring and identity theft protection services to all affected individuals. The company stated that it took immediate action to contain the breach and is working with law enforcement for an independent investigation.

Security experts note that this breach is part of a troubling trend of cyberattacks exploiting vulnerabilities in third-party applications that connect to Salesforce platforms. Companies including Farmers Insurance, Allianz Life, and Qantas have also reported similar breaches, indicating a larger pattern affecting multiple sectors.

The attackers reportedly gained access through malicious third-party integrations that disguised themselves as legitimate Salesforce applications. This method bypasses typical security measures, allowing hackers extended access to sensitive customer data.

TransUnion is currently facing scrutiny from regulators and consumers, having previously been criticized for security lapses. Experts recommend that consumers take steps to safeguard their personal information by monitoring accounts, utilizing strong passwords, and considering credit freezes.

As the scale of these attacks mounts, industry analysts are urging organizations to adopt rigorous security measures and heightened awareness of the risks associated with third-party software integrations.