TransUnion Hack Exposes 4M+ Customers Personal Information

TransUnion, one of the nation’s three major credit reporting agencies, has disclosed a significant data breach that exposed the personal information of more than four million U.S. customers.

The company is now alerting affected individuals about the cyber incident, which involved unauthorized access to data stored on a third-party application.

On July 28, 2025, TransUnion LLC confirmed a sophisticated cyber intrusion that compromised the personal data of over 4.4 million consumers. 

The unauthorized access, detected on July 30, 2025, targeted TransUnion’s consumer reporting systems and exposed sensitive Personally Identifiable Information (PII). 

Key Takeaways
1. 4.4M+ PII records exposed in a July 28 SQL-injection breach.

2. MFA, segmentation, forensics, and notifications deployed.

3. Two years of free myTrueIdentity™ credit monitoring provided.

Over 4 Million Individuals’ PII Stolen

According to the Maine office filing, the breach affected 4,461,511 individuals nationwide, including 16,828 residents of Maine. 

The breach targeted an application used for the company’s U.S. consumer support operations. While the intrusion compromised sensitive personal data, TransUnion has assured its customers that the accessed information did not include credit reports or core credit information.

The compromised data elements included full names, Social Security numbers, dates of birth, and driver’s license numbers, constituting a classic PII aggregation that heightens the risk of identity theft and financial fraud.

The breach was discovered on August 15, 2025, after the company’s cybersecurity team detected suspicious activity on its network. An internal investigation, conducted in collaboration with a leading cybersecurity firm, revealed that an unauthorized third party had gained access to the system for a period of two weeks in late July.

“We take our responsibility to protect consumer data very seriously,” said a TransUnion spokesperson in a statement released Friday. “We have taken immediate steps to secure the application and are working with law enforcement to investigate this matter. We are committed to supporting our customers and have begun the process of notifying all affected individuals.”

TransUnion is offering two years of free credit monitoring and identity theft protection services to all impacted customers. The notification letters will include instructions on how to enroll in these services. The company has also set up a dedicated call center to answer customer questions and has posted an FAQ on its website.

TransUnion issued written Data Breach Notifications to all affected consumers on August 26, 2025, in compliance with state and federal regulations.

Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant Updates.