In a significant breach of security, hackers have unlawfully accessed sensitive information concerning millions of Americans through a data breach that specifically targeted TransUnion, recognized as one of the three major credit bureaus in the United States.
On July 28, TransUnion acknowledged an unauthorized “cyber incident” that has compromised personal data for over 4.4 million individuals, as revealed in legal disclosures submitted to the attorneys general offices in Maine and Texas this week. Among the compromised information, critical data such as names, Social Security numbers, and dates of birth were included, according to the filing from Texas.
Both Maine and Texas have regulations that mandate companies to report data breaches affecting their residents. However, it’s essential to note that only a fraction of the individuals impacted by the TransUnion breach reside in these two states.
Information regarding the breach remains limited. In a statement provided to Money, TransUnion indicated that “the incident involved unauthorized access to limited personal information for a very small percentage of U.S. consumers.” The company reassured that they are collaborating with law enforcement agencies and have engaged third-party cybersecurity experts to conduct an independent forensic investigation.
As of the time of reporting, TransUnion had yet to release any public statements regarding the data breach on its official website. However, the company informed Money that they are in the process of notifying affected customers.
In the disclosure made to the state of Maine, TransUnion mentioned that they initiated the process of sending out notification letters to those affected by the breach starting Tuesday.
“We recently experienced a cyber incident involving a third-party application that serves our U.S. consumer support operations,” a sample letter stated. “We regret any concern this incident may have caused and take our responsibility to secure consumer information very seriously.”
TransUnion clarified to Money that the data leak did not include its “core credit database or credit reports,” asserting that they “identified and contained this event within hours.” To assist those impacted, the credit bureau is offering two years of complimentary credit monitoring services through Cyberscout, as mentioned in the notification letter.
The recent breach at TransUnion adds to a troubling pattern of significant data breaches. Just recently, Google warned 2.5 billion Gmail users to reset their passwords after they were targeted by a hacking group known as ShinyHunters. This group compromised the corporate software company Salesforce, which services numerous high-profile clients, and impersonated employees to gain access to additional data from various companies.
Additionally, the insurance firm Allianz and telecommunications giant AT&T were also victims of attacks carried out by this group. Although the letter from TransUnion mentions that the breach involved a “third-party application” rather than its main database, it remains uncertain whether this incident is linked to the ShinyHunters breach of Salesforce.
In a separate incident earlier this year in May, LexisNexis, a consumer data broker closely associated with credit bureaus, revealed a data breach that impacted over 360,000 individuals. This breach involved the exposure of sensitive data, including Social Security numbers, driver’s license numbers, addresses, and dates of birth.
This year, 2025 has proven to be particularly challenging concerning data breaches and incidents of identity theft. By June 30, the Federal Trade Commission reported receiving nearly 750,000 identity theft complaints, indicating that 2025 could be on track to become one of the most severe years recorded for such incidents.
How can you verify if your personal information was compromised?
While TransUnion has initiated the process of sending notification letters this week to individuals affected by the breach, the timeline for when all individuals will receive their notifications remains unclear. Moreover, it is uncertain if the bureau will issue additional types of alerts.
To determine if you were affected, you can reach out to TransUnion directly by calling their fraud assistance line at 1-800-516-4700. Their call center operates Monday through Friday, from 8 a.m. to 8 p.m. Eastern time.
Another effective method to detect potential identity theft is to carefully review your credit reports for any suspicious activities that you did not authorize. You can obtain credit reports from all three major credit bureaus every week online for free at the federally authorized AnnualCreditReport.com. There’s no need to incur costs to check your credit report.
Additionally, unofficial online tools such as DeHashed or Have I Been Pwned can assist in checking whether your email account has been linked to any known breaches.
What proactive measures should you take if your personal information has been compromised?
If it has been confirmed that your data was leaked, it doesn’t necessarily mean that your identity has been stolen. However, it is crucial to be vigilant and monitor all of your financial accounts closely.
Experts in fraud prevention have advised that you should consider taking several key actions: Delete any old accounts to minimize your exposure risks; enroll in credit monitoring services, particularly since TransUnion has provided you with two free years; and promptly change all of your passwords.
Furthermore, you can inform your banks, credit card companies, and other financial institutions about the data leak, requesting that they monitor your accounts for any suspicious activities.
Even if you haven’t encountered identity theft yet, experts frequently recommend that you freeze your credit as a precautionary step. This action is free of charge; you can request a credit freeze online from TransUnion, Equifax, and Experian. By doing so, if your identity is ever stolen, criminals will be unable to open new credit cards or secure loans in your name. When you need to apply for a new line of credit, you can temporarily unfreeze it and then reapply the freeze afterward.
Numerous free resources are available to assist you, including those provided by nonprofit organizations like the Identity Theft Resource Center, which can support you in screening for potential scams or recovering from them at no cost. Additionally, the Federal Trade Commission offers extensive resources on identity theft at identitytheft.gov.
Explore additional resources from Money:
Discover the 6 Best Identity Theft Protection Services available in August 2025.
Learn How to Check Your Credit Report effectively.
The Places With the Highest Credit Scores in the U.S. Might Surprise You with their rankings.
