Unauthorized Access to TransUnion's Data Trove Reveals Personal Details of Over 4 Million Customers
One of the nation's three major credit reporting agencies, TransUnion, has experienced a data breach. The unauthorized access was detected on July 30, 2025, and the breach occurred on or around July 28, 2025.
The breach involved unauthorized access to a third-party application used for TransUnion's U.S. consumer support operations. As a result, sensitive Personally Identifiable Information (PII) of over four million U.S. customers was exposed. The compromised data elements included full names, Social Security numbers, dates of birth, and driver's license numbers.
TransUnion is alerting affected individuals about the cyber incident and has posted an FAQ on its website to address any questions. The company is also offering two years of free credit monitoring and identity theft protection services to all impacted customers.
The internal investigation, conducted in collaboration with a leading cybersecurity firm, revealed that an unauthorized third party had gained access to the system for a period of two weeks in late July. TransUnion is working with law enforcement to investigate this matter and is committed to supporting its customers.
The breach did not include credit reports or core credit information. TransUnion has set up a dedicated call center to answer customer questions and has issued Data Breach Notifications to all affected consumers on August 26, 2025.
The breach affected 16,828 residents of Maine, according to Maine office filings. To help affected individuals, TransUnion is offering instructions on how to enroll in credit monitoring and identity theft protection services in the notification letters.
The company is also collaborating with Experian to mitigate the consequences of the data breach. TransUnion is encouraging all customers to remain vigilant and to report any suspicious activity to the authorities.
The breach is considered a sophisticated cyber intrusion, and TransUnion is taking all necessary steps to prevent such incidents in the future. The company is committed to protecting the personal information of its customers and will continue to work diligently to ensure the security of its systems.
