Español
TransUnion, one of the largest credit reporting agencies in the United States, has confirmed a major data breach that exposed the personal information of more than 4.4 million individuals.
In a filing with the Maine Attorney General’s Office, the company revealed that the incident occurred on July 28 and was linked to unauthorized access of a third-party application used to manage customer support operations. The compromised system contained personal data belonging to U.S. consumers.
Although TransUnion emphasized that “no credit data was accessed,” the company has not provided evidence to support this claim. Initial disclosures did not specify which categories of personal data were affected. However, a subsequent filing with the Texas Attorney General’s Office confirmed that the stolen information includes customer names, dates of birth, and Social Security numbers.
When contacted by TechCrunch, TransUnion spokesperson Jon Boughtin declined to answer further questions about the breach, including whether additional types of sensitive data were compromised.
This incident highlights the significant risks facing organizations that manage vast amounts of consumer data. TransUnion stores financial information for more than 260 million Americans, making it a high-value target for threat actors.
The breach is part of a broader wave of cyberattacks that have recently hit major U.S. companies across industries such as insurance, retail, transportation, and aviation. In recent weeks, Google, Allianz Life, Cisco, and Workday confirmed data breaches tied to customer records stored on Salesforce-hosted cloud environments. Google later attributed its breach to the well-known extortion group ShinyHunters.
It remains unclear who was behind the TransUnion breach or whether any ransom demands were made. For now, the company faces heightened scrutiny as regulators and affected consumers await more details on the scale of the incident and the company’s response.
