TransUnion Breach Exposes Data of 4.4 Million Customers

Photo by:   TransUnion Press Kit
By MBN Staff - Thu, 08/28/2025 - 11:10

Credit reporting agency TransUnion reports a security breach that compromises the personal information of 4.4 million customers. The incident, which took place on July 28, originated from unauthorized access to a third-party vendor’s systems, highlighting the inherent risks in the corporate digital supply chain.

According to a filing with the Maine Attorney General's Office, TransUnion attributed the breach to “unauthorized access to a third-party application storing customers’ personal data for its US consumer support operations.” 

At the time of disclosure, TransUnion had not specified the exact types of personal information that were stolen. It labeled its impact as “limited” and highlighted that consumers' core credit information was not accessed. However, this claim has not been independently verified with public evidence. 

The company has declined to offer additional details about the breach. This stance limits visibility into the attack methodology and the compromised data. The intrusion has been attributed to the Shiny Hunters extortion group and, more recently, to a cluster tracked as UNC6395, according to Bleeping Computer.

This breach is part of a growing trend of supply chain attacks that target large corporations through their technology vendors and partners. The attack vector, a third-party application, demonstrates one of the most significant vulnerabilities for modern enterprises: inherited vendor risk. Recent incidents at corporations such as Google, Cisco, and Workday, which were linked to third-party hosted cloud databases, show a clear pattern and a focus for cybercriminal groups.

The potential consequences for an organization of TransUnion’s size are multifaceted. The company faces intense scrutiny and the possibility of significant financial penalties under data protection frameworks like the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). For the B2B ecosystem, this event emphasizes the need to implement robust Third-Party Risk Management (TPRM) programs, the most efficient method for addressing this specific type of risk.

For the time being, TransUnion is offering those impacted 24 months of free credit monitoring and identity theft protection services, reports Bleeping Computer.
