- Transunion reported a data overgrowth with 4.4 million Americans affected
- The threat actors claim the attack is much greater
- Users need to be wary of incoming E emails
Transunion, a major US credit reporting company, suffered a data violation in which the lost personally identifiable information (PII) about more than 4.4 million US citizens.
In a new report filed with Maine Attorney General’s Office, the company said it was hit on July 28, 2025 and that it discovered intrusion two days later.
The data lost in the incident is “limited,” Transunion said without detailed type. It emphasized that credit reports and core credit information were not postponed in this attack. It still decided to give affected persons 24 months of free credit monitoring and protection of identity theft.
Shinyhunters
At the same time, Bleeping computer Discovered that the attack was the work for Shinyhunters who broke into the company’s Salesforce account to steal the information.
“A wave of Salesforce data theft attacks has affected several companies this year, including Google, Farmers Insurance, Allianz Life, Workday, Pandora, Cisco, Chanel and Qantas,” the publication said. Shinyhunters confirmed with the publication that they stole more than 13 million items, with the 4.4 million mentioned above, only regarding US citizens.
The group also shared a sample showing people’s names, billing addresses, phone numbers, e -mail addresses, date of birth and non -reduced social security number (SSN). This type of information can hardly be described as “limited” as it is more than enough to use in identity theft, phishing and other forms of cybercrime. Crooks can open bank accounts in people’s names, take out loans and even apply for tax cuts and returns.
The data also includes the reason for the customer transaction, such as a request for a free credit report, which can also be used to target the victims with compelling phishing attacks, implement malware or steal even more information.
Shinyhunters also told Bleeping computer They stole customer support tickets and various messages stored in Salesforce.
Transunion is one of the three major consumer credit reporting agencies in the US (along with Experian and Equifax). It collects and maintains credit information about individuals and businesses, then provides credit reports, scores and identity protection services for lenders, businesses and consumers.
How to remain safe
To mitigate potential risks, users must place a credit freezing (or fraud) with all three credit agencies, preventing new credit accounts from opening in their name without approval.
They should also monitor their credit reports and use Transunion’s offer of monitoring of free identity theft.
Finally, they should see their financial accounts closely and be extra careful with incoming E emails and other communication. Since attackers now know their contact information, they may send convincing false e emails, texts or calls that pretend to be banks, government agencies or even Transunion themselves.
Via Bleeping computer
