Credit reporting giant TransUnion has confirmed a major data breach that compromised the personal information of more than 4.4 million customers in the United States.
In a filing with the Maine attorney general’s office on Thursday, the company said the breach stemmed from unauthorized access on July 28 through a third-party application used in its U.S. consumer support operations. While TransUnion stressed that “no credit information was accessed,” the company has not provided evidence to support that claim.
A subsequent disclosure to the Texas attorney general’s office revealed that the exposed data included sensitive identifiers such as names, dates of birth, and Social Security numbers. The company has not detailed whether additional categories of personally identifiable information were stolen.
When contacted by TechCrunch, TransUnion spokesperson Jon Boughtin declined to elaborate on what data was taken or answer questions about the scope of the incident.
The breach highlights the risks faced by TransUnion, one of the “big three” credit reporting agencies in the U.S., which stores the financial records of over 260 million Americans. As one of the central gatekeepers of consumer credit, a compromise of its systems could have significant ripple effects for identity theft and financial fraud.
The incident follows a string of high-profile data breaches across multiple industries in recent weeks, targeting insurance firms, retailers, transportation networks, and airlines. Several major corporations — including Google, Allianz Life, Cisco, and Workday — have also reported breaches tied to data stored in their Salesforce-hosted cloud databases. Google attributed those intrusions to the notorious hacker group ShinyHunters, known for cyber extortion schemes.
At present, it remains unclear who is responsible for the TransUnion attack or whether the company has received any ransom demands. Regulators and cybersecurity experts are expected to scrutinize how the credit bureau handled its security protocols and disclosure timelines.
