TransUnion suffers data breach impacting over 4.4 million folks

Replace: Story up to date with affirmation that this was one other Salesforce knowledge theft assault.

Shopper credit score reporting large TransUnion warns it suffered a data breach exposing the non-public info of over 4.4 million folks in the USA, with BleepingComputer studying the information was stolen from it is Salesforce account.

TransUnion is likely one of the three main credit score bureaus in the USA, alongside Equifax and Experian. It operates in 30 international locations, employs 13,000 employees, and has an annual income of $3 billion.

It collects and maintains credit score info on over 1 billion customers worldwide, with roughly 200 million of these primarily based within the U.S. This info is shared with 65,000 companies, together with lenders, insurers, and employers.

Based on a submitting submitted to the Workplace of the Maine AG, the breach occurred on July 28, 2025, and was found two days later.

A pattern of the notifications distributed to impacted purchasers earlier this week specifies that the incident concerned a third-party utility serving the corporate’s shopper help operations.

“We lately skilled a cyber incident involving a third-party utility serving our U.S. shopper help operations,” reads the data breach discover.

“The unauthorized entry consists of some restricted private info belonging to you.”

The information uncovered on this incident was “restricted” in keeping with the corporate, though what precisely it’d entail hasn’t been specified within the pattern notification.

As an alternative, the letter underlines that no credit score experiences or core credit score info had been uncovered on this incident.

TransUnion is now providing these impacted 24 months of free credit score monitoring and identification theft safety providers.

A wave of Salesforce knowledge theft assaults has impacted quite a few corporations this 12 months, together with Google, Farmers Insurance coverage, Allianz Life, Workday, Pandora, Cisco, Chanel, and Qantas.

These assaults have been performed by the Shiny Hunters extortion group, and extra lately, by a cluster tracked as UNC6395.

After publishing this story, BleepingComputer confirmed with two sources, together with ShinyHunters, that TransUnion’s data breach is linked to those Salesforce assaults, with the information additionally containing Social Safety Numbers.

BleepingComputer contacted TransUnion with additional questions on this breach, and we’ll replace this text if we obtain a response.

Two years in the past, a risk actor claimed a data breach at TransUnion, which the corporate rejected, saying that the information had been stolen from a 3rd social gathering.

In earlier years, the corporate’s South African and Canadian branches suffered cybersecurity breaches that uncovered buyer info.