KEY POINTS:
- TechCrunch reported on August 28 that TransUnion disclosed a data breach affecting more than 4.4 million customers’ personal information
- According to BleepingComputer, the breach occurred on July 28, 2025, and was discovered two days later
- Money.com reported that, according to the Texas filing, names, Social Security numbers, and dates of birth were among the stolen information
Breach Details and Discovery
Credit reporting giant TransUnion has confirmed a major data breach impacting more than 4.4 million U.S. consumers. According to TechCrunch (Aug. 28), the disclosure was made in filings with state attorneys general. BleepingComputer reported the breach occurred on July 28, 2025, and was discovered two days later, citing a filing with Maine’s attorney general.
TransUnion told SecurityWeek that exactly 4,461,511 individuals were affected. Money.com confirmed through filings in Texas and Maine that the breach stemmed from an unauthorized “cyber incident” on July 28.
Third-Party Application Compromised
The company emphasized that its core credit database was not involved. TechCrunch and BleepingComputer both noted that the intrusion came through a third-party application supporting TransUnion’s U.S. consumer support operations. In statements to Money.com, TransUnion said the event was contained “within hours” and no credit reports were accessed—though the company has not provided technical evidence.
Sensitive Data Exposed
The stolen records include highly sensitive identifiers. Filings reviewed by TechCrunch and Money.com confirm the exposure of names, dates of birth, and Social Security numbers. BleepingComputer, which reviewed a sample of the leaked data, reported additional details such as addresses, phone numbers, emails, and transaction notes, along with unredacted SSNs.
Link to ShinyHunters and Salesforce Attacks
Multiple sources connect the breach to the hacker collective ShinyHunters. BleepingComputer confirmed with the group and independent sources that the stolen TransUnion data is tied to Salesforce-based attacks that have also hit Google, Allianz Life, Cisco, Workday, and other firms, as TechCrunch reported. ShinyHunters claims to possess over 13 million records, with 4.4 million tied to U.S. customers.
Fox News and ASIS Online noted security researchers’ assessments linking the breach to this extortion group. CPO Magazine further reported that ShinyHunters has directly taken credit.
Industry-Wide Attack Campaign
The TransUnion breach fits into a wider wave of Salesforce data thefts. BleepingComputer listed recent victims including Google, Farmers Insurance, Pandora, Chanel, Qantas, and Allianz Life. The Record (Recorded Future) noted that Mandiant has labeled the operation a “widespread data theft campaign” attributed to threat actor UNC6395.
Money.com added that Google, a victim in this campaign, urged its 2.5 billion Gmail users to reset passwords after its own breach.
Company Response and Consumer Protection
To address the fallout, TransUnion is providing 24 months of free credit monitoring and identity protection services, according to SecurityWeek, Money.com, and BleepingComputer. CNBC reported that letters have been sent to affected customers, who can also contact TransUnion’s fraud assistance line at 800-516-4700 (Monday–Friday, 8 a.m.–8 p.m. ET).
Consumer Impact and Recommendations
Experts warn the exposure of Social Security numbers significantly increases the risk of identity theft and long-term fraud. CPO Magazine quoted AppOmni CSO Cory Michal stressing the heightened threat. Fox News confirmed the stolen data ranges from contact details to critical identifiers such as SSNs and driver’s license numbers.
Money.com advised consumers to adopt protective measures, including deleting old accounts, enrolling in credit monitoring, and updating passwords. CNBC reminded readers that free weekly credit reports from TransUnion, Equifax, and Experian are available at AnnualCreditReport.com.
Corporate Context
TransUnion is among the largest U.S. credit reporting agencies, maintaining financial data for over 260 million Americans, according to TechCrunch. BleepingComputer reported the company operates in 30 countries, employs 13,000 staff, and generates about $3 billion in annual revenue. Globally, it maintains credit records on more than 1 billion consumers and provides data to 65,000 businesses, including banks, insurers, and employers.



