TransUnion Breach Exposes Data of 4.4 Million People
Credit reporting giant TransUnion has disclosed a breach impacting 4.4 million individuals, linked to a compromise of a third-party customer support application.
The July 28th incident allowed unauthorized access to limited personal data, including Social Security numbers, though TransUnion emphasized its core credit database was not affected. The company contained the breach “within hours,” engaged outside cybersecurity experts for forensics, and is working with law enforcement.
Victims are being notified, and regulators in Texas and other states have been informed. TransUnion says the exposed data represents only a small portion of U.S. consumers.
This breach comes amid a wave of incidents involving third-party providers, including attacks tied to Salesforce applications. Mandiant has attributed these broader campaigns to the group UNC6395, which exploited OAuth tokens to steal data at scale.
With a database covering more than 260 million Americans, TransUnion’s exposure underscores the growing risks posed by third-party supply chain compromises in the financial sector.