TransUnion Data Breach Exposes 4.5 Million Records Through Third-Party App
None
<p>TransUnion, one of the nation’s three major credit reporting agencies, has confirmed a cyberattack that exposed sensitive personal information for more than 4.4 million U.S. consumers. The incident, discovered on July 30, traces back to vulnerabilities in a third-party application used in TransUnion’s consumer support operations.</p><h2 class="wp-block-heading">How the Breach Happened</h2><p>According to TransUnion, attackers exploited flaws in a Salesforce-connected application, part of a broader wave of incidents targeting major organizations in recent months. Investigators say groups including ShinyHunters and UNC6395 have been probing OAuth tokens and app integrations to bypass traditional defenses.</p><p>In TransUnion’s case, the intrusion occurred on July 28 and was contained within hours once detected. The company stressed that its “core credit database” was not compromised. Instead, the breach was limited to data flowing through a customer service tool.</p><div class="code-block code-block-12 ai-track" data-ai="WzEyLCIiLCJCbG9jayAxMiIsIiIsMV0=" style="margin: 8px 0; clear: both;"> <style> .ai-rotate {position: relative;} .ai-rotate-hidden {visibility: hidden;} .ai-rotate-hidden-2 {position: absolute; top: 0; left: 0; width: 100%; height: 100%;} .ai-list-data, .ai-ip-data, .ai-filter-check, .ai-fallback, .ai-list-block, .ai-list-block-ip, .ai-list-block-filter {visibility: hidden; position: absolute; width: 50%; height: 1px; top: -1000px; z-index: -9999; margin: 0px!important;} .ai-list-data, .ai-ip-data, .ai-filter-check, .ai-fallback {min-width: 1px;} </style> <div class="ai-rotate ai-unprocessed ai-timed-rotation ai-12-1" data-info="WyIxMi0xIiwxXQ==" style="position: relative;"> <div class="ai-rotate-option" style="visibility: hidden;" data-index="1" data-name="VGVjaHN0cm9uZyBHYW5nIFlvdXR1YmU=" data-time="MTA="> <div class="custom-ad"> <div style="margin: auto; text-align: center;"><a href="https://youtu.be/Fojn5NFwaw8" target="_blank"><img src="https://securityboulevard.com/wp-content/uploads/2024/12/Techstrong-Gang-Youtube-PodcastV2-770.png" alt="Techstrong Gang Youtube"></a></div> <div class="clear-custom-ad"></div> </div></div> </div> </div><h2 class="wp-block-heading">What Consumers Experienced</h2><p>Impacted individuals learned that their names, dates of birth, email and mailing addresses, phone numbers, and unredacted Social Security numbers were accessed. In some cases, records also included details of why they contacted TransUnion, such as support ticket notes.</p><p>For consumers, that meant seeing highly personal details disclosed in breach notification letters. While credit files themselves were not taken, the combination of Social Security numbers and contact information poses a serious risk of identity theft and fraud.</p><div class="code-block code-block-15" style="margin: 8px 0; clear: both;"> <script async src="https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-2091799172090865" crossorigin="anonymous" type="25149d418d55a8f68133014e-text/javascript"></script> <!-- SB In Article Ad 1 --> <ins class="adsbygoogle" style="display:block" data-ad-client="ca-pub-2091799172090865" data-ad-slot="8723094367" data-ad-format="auto" data-full-width-responsive="true"></ins> <script type="25149d418d55a8f68133014e-text/javascript"> (adsbygoogle = window.adsbygoogle || []).push({}); </script></div><p>To address these concerns, TransUnion is offering two years of free credit monitoring and identity protection through Cyberscout. Regulators in states including Maine and Texas have begun receiving formal notifications, and several law firms are already investigating potential class-action claims.</p><h2 class="wp-block-heading">Why It Matters</h2><p>The breach highlights an increasingly common weak point: third-party software integrations. Even when core databases remain secure, attackers can exploit the wider network of connected applications that process consumer data.</p><p>This echoes lessons from the 2017 Equifax breach, which exposed 147 million records and reshaped the conversation around credit bureau security. While smaller in scale, the TransUnion incident underscores how the security of financial infrastructure depends not only on internal defenses but also on the resilience of vendors and partners.</p><h2 class="wp-block-heading">The Takeaway</h2><p>For millions of Americans, the immediate concern is safeguarding against fraud. Experts recommend placing credit freezes, monitoring accounts closely, and treating emails or calls with heightened suspicion, as exposed details could fuel targeted phishing campaigns.</p><p>The post <a href="https://www.centraleyes.com/transunion-data-breach-exposes-4-5-million-records/">TransUnion Data Breach Exposes 4.5 Million Records Through Third-Party App</a> appeared first on <a href="https://www.centraleyes.com/">Centraleyes</a>.</p><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2025/08/transunion-data-breach-exposes-4-5-million-records-through-third-party-app/" data-a2a-title="TransUnion Data Breach Exposes 4.5 Million Records Through Third-Party App"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F08%2Ftransunion-data-breach-exposes-4-5-million-records-through-third-party-app%2F&linkname=TransUnion%20Data%20Breach%20Exposes%204.5%20Million%20Records%20Through%20Third-Party%20App" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F08%2Ftransunion-data-breach-exposes-4-5-million-records-through-third-party-app%2F&linkname=TransUnion%20Data%20Breach%20Exposes%204.5%20Million%20Records%20Through%20Third-Party%20App" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F08%2Ftransunion-data-breach-exposes-4-5-million-records-through-third-party-app%2F&linkname=TransUnion%20Data%20Breach%20Exposes%204.5%20Million%20Records%20Through%20Third-Party%20App" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F08%2Ftransunion-data-breach-exposes-4-5-million-records-through-third-party-app%2F&linkname=TransUnion%20Data%20Breach%20Exposes%204.5%20Million%20Records%20Through%20Third-Party%20App" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F08%2Ftransunion-data-breach-exposes-4-5-million-records-through-third-party-app%2F&linkname=TransUnion%20Data%20Breach%20Exposes%204.5%20Million%20Records%20Through%20Third-Party%20App" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://www.centraleyes.com/">Centraleyes</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Rebecca Kappel">Rebecca Kappel</a>. Read the original post at: <a href="https://www.centraleyes.com/transunion-data-breach-exposes-4-5-million-records/">https://www.centraleyes.com/transunion-data-breach-exposes-4-5-million-records/</a> </p>