Credit reporting firm TransUnion is informing over 4.4M people that their personal data was stolen in a data breach that took place on July 28, 2025, as a result of a “cyber incident that affected a third-party application in our consumer support operations in the US,” as data breach notifications sent to affected individuals and filed with the offices of state attorney general offices indicate the incident was part of a larger wave of data theft attacks on Salesforce customers organized by the notorious hacking group, the ShinyHunters.
Major credit bureau suffers significant breach
SecurityWeek reports that credit reporting company TransUnion is alerting over 4.4 million individuals that their personal data has been compromised in a data breach. The company stated that the incident happened on July 28, 2025, in the data breach notifications dispatched to the affected individuals, copies of which were provided to the Maine and Texas Attorney General Offices.
TransUnion reports that the personal information was stored in a third-party application, which has been hacked and contains names, Social Security numbers, and dates of birth. TransUnion, which only just had a cyber incident, said to SecurityWeek that it was a third-party application that served our consumer support operations in the US.
A spokesperson of TransUnion said, “We detected and addressed this event in hours. When the company found out, they were able to contain the situation, which did not impact their core credit database and did not include credit reports. TransUnion informed the Maine AGO that there were 4,461,511 people affected by the data breach.
Relation to larger Salesforce attacks
The credit reporting agency did not identify the name of the third-party application that was used in the event, but said it has been collaborating with law enforcement and third-party cybersecurity agencies to investigate the attack. It seems, though, that the data breach was part of a larger series of data theft attacks that Salesforce clients fell prey to, and that the notorious information extortion group, ShinyHunters, was behind it, according to BleepingComputer.
Along with the personal data that TransUnion declared was stolen, addresses, email addresses, and phone numbers were stolen as well, the hackers allege. Lifehacker reports that the breach had been revealed on July 30, two days after the first breach had taken place.
Part of a widespread Salesforce campaign
Early in August, Google announced it had suffered a data breach of its Salesforce instance, having alerted in June that UNC6040, a voice phishing threat actor, was executing a mass Salesforce data theft and extortion campaign.ย Google associated UNC6040 with Scattered Spider, which presumably merged with ShinyHunters.
Data breaches recently revealed in the case of Adidas, Allianz Life, Cisco, Dior, Louis Vuitton, and others seem to belong to the Salesforce hacking campaign. Other Salesforce-associated corporations that have been affected are Google, Workday, and several large retailers such as LVMH.
Protection given to consumers
TransUnion is also offering 24 months of free credit monitoring services and proactive assistance with fraud to affected individuals. Any user whose personal information has been exposed can subscribe to free credit protection and monitoring through My TrueIdentity, a TransUnion company, as well as identity protection and resolution services and identity theft insurance worth one million dollars.
To register through the My TrueIdentity site, a victim requires the activation code on his/her letter, and must enter an email address and confirm some personal details. The offer shall remain open for 90 days after the date of the notice.
The 4.4 million-consumer data breach at TransUnion is a major breach attack that can be linked to the larger ShinyHunters campaign against Salesforce customers and reflects the interconnectedness of current cyber threats and the need to implement end-to-end security controls across third-party applications and vendor relationships in safeguarding sensitive consumer financial data.