TRANSUNION says it suffered a data breach exposing the personal information of over 4.4 million people in the United States, with the data stolen from its Salesforce account. According to a filing submitted to the Office of the Maine AG, the breach occurred on 28 July 2025 and was discovered two days later. The incident involved a third-party application serving the company’s U.S. consumer support operations, and the company describes the exposed data as limited, though specifics have not been disclosed.
TransUnion is offering 24 months of free credit monitoring and identity theft protection to those affected. A wave of Salesforce data theft attacks has been linked to this breach, with TransUnion’s data reportedly including Social Security Numbers, and the investigations have been associated with the Shiny Hunters extortion group and a cluster tracked as UNC6395, according to two sources cited by BleepingComputer.