▼ Summary
– TransUnion suffered a data breach affecting nearly 4.5 million Americans, with unauthorized access occurring through a third-party application.
– The breach was limited to specific data elements and did not include credit reports or core credit information.
– TransUnion is offering free credit monitoring and fraud assistance to affected customers and stated it continues to enhance security controls.
– The breach occurred on July 28, 2025, was detected on July 30, and follows other recent TransUnion data incidents in 2022 and 2023.
– This incident is part of a growing trend of third-party data breaches, with recent examples affecting companies like UBS, Allianz Life, and Qantas.
A significant data breach at TransUnion has compromised the personal information of approximately 4.5 million individuals across the United States. The incident involved unauthorized access to a third-party application used in the company’s consumer support operations, though the firm emphasized that credit reports and core credit data remained unaffected.
In a notification sent to impacted customers, TransUnion clarified that the breach was confined to specific data fields, though it did not disclose further details regarding the exact nature of the exposed information. The company expressed regret over the incident and reaffirmed its commitment to protecting consumer data.
Affected individuals are being offered complimentary access to credit monitoring and identity theft protection services as a precautionary measure. TransUnion stated that it maintains strong security protocols and is continuously working to improve its defenses to prevent future occurrences.
According to a filing with the Office of the Maine Attorney General, the breach took place on July 28 and was identified just two days later on July 30. This is not the first time TransUnion has faced such challenges. In 2022, an isolated server in South Africa was compromised, leading to the theft of data belonging to nearly five million customers. More recently, in September 2023, a threat actor known as “USDoD” leaked a database allegedly containing personally identifiable information of over 58,000 TransUnion customers. The company later asserted that no data was taken from its own systems, pointing instead to a possible supply chain compromise.
This latest incident reflects a broader trend of third-party data breaches affecting major organizations. In June 2025, banking institution UBS experienced a breach through procurement service provider Chain IQ. That same July, Allianz Life announced that a threat actor had accessed a cloud-based customer relationship management system, exposing data belonging to the majority of its 1.4 million U.S. policyholders. Also in July, Qantas Airways reported a breach impacting nearly six million customers after hackers infiltrated a third-party customer service platform.
Cybercriminal groups such as Scattered Spider and ShunyHunters have been linked to many of these attacks, often using social engineering to compromise third-party IT and cloud service providers. These groups are part of The Com, a sprawling online network involving thousands of English-speaking individuals engaged in coordinated cybercrime.
(Source: InfoSecurity)
-
-
-
-
-
-
