TransUnion data breach may have affected 4.4 million users - here's what we know, and how to stay safe

Date:
Fri, 29 Aug 2025 16:32:00 +0000

Description:
ShinyHunters strike again, and once again - they're after Salesforce accounts.

FULL STORY ======================================================================TransUni on reported a data breach with 4.4 million Americans affected The threat actors claim the attack is much larger Users should be wary of incoming
emails

TransUnion, a major American credit reporting company, suffered a data breach in which it lost personally identifiable information (PII) on more than 4.4 million American citizens.

In a new report, filed with the Maine Attorney Generals Office, the company said it was struck on July 28, 2025, and that it spotted the intrusion two days later.

The data lost in the incident is limited, TransUnion said, without detailing the type. It did stress that credit reports and core credit information was not exposed in this attack. It still decided to give affected individuals 24 months of free credit monitoring and identity theft protection . ShinyHunters

At the same time, BleepingComputer discovered that the attack was the work of ShinyHunters, who broke into the companys Salesforce account to steal the information.

A wave of Salesforce data theft attacks has impacted numerous companies this year, including Google, Farmers Insurance, Allianz Life, Workday, Pandora, Cisco, Chanel, and Qantas, the publication said. ShinyHunters confirmed with the publication that they stole more than 13 million records, with the 4.4 million mentioned above relating only to US citizens.

The group shared a sample, as well, showing peoples names, billing addresses, phone numbers, email addresses, dates of birth, and unredacted Social
Security numbers (SSN). This type of information can hardly be described as limited, as it is more than enough to use in identity theft, phishing, and other forms of cybercrime. Crooks can open bank accounts in peoples names, take out loans, and even apply for tax cuts and returns.

The data also includes the reason for the customer transaction, such as a request for a free credit report, which can also be used to target the
victims with convincing phishing attacks, deploying malware or stealing even more information.

ShinyHunters also told BleepingComputer they stole customer support tickets and various messages stored in Salesforce.

TransUnion is one of the three major consumer credit reporting agencies in
the US (alongside Experian and Equifax). It collects and maintains credit information on individuals and businesses, then provides credit reports, scores, and identity protection services to lenders, businesses, and consumers. How to stay safe

To mitigate potential risks, users should place a credit freeze (or fraud alert) with all three credit bureaus, preventing new credit accounts from being opened in their name without approval.

They should also monitor their credit reports, and use TransUnion's offer of free identity theft monitoring.

Finally, they should watch their financial accounts closely, and be extra cautious with incoming emails and other communication. Since attackers now know their contact info, they might send convincing fake emails, texts, or calls pretending to be banks, government agencies, or even TransUnion itself.

Via BleepingComputer You might also like TransUnion's data stolen in major data breach Take a look at our guide to the best authenticator app We've rounded up the best password managers



======================================================================
Link to news story: https://www.techradar.com/pro/security/transunion-data-breach-may-have-affecte d-4-4-million-users-heres-what-we-know-and-how-to-stay-safe


--- Mystic BBS v1.12 A49 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)