TransUnion hack exposed 4.4M users’ SSNs & personal data. Learn what happened, who’s behind it, and how to stay safe from identity theft.

Continue reading
In late July 2025, TransUnion, one of the "Big Three" U.S. credit bureaus, disclosed a significant cyber incident impacting 4.4 million individuals.
While the company insists that its core credit database remained untouched, the breach nevertheless exposed personally identifiable information (PII) — including names, Social Security numbers, dates of birth, and contact details. This event adds another chapter to the growing pattern of large-scale identity-driven cyberattacks exploiting third-party applications and cloud ecosystems.
The breach was not directly within TransUnion’s credit systems, but rather within an externally hosted application, aligning with a recent wave of Salesforce-related breaches seen across enterprises such as Google, Allianz Life, Cisco, and Workday.
This type of PII is highly valuable for identity theft, account takeover, and social engineering campaigns.
While the exclusion of credit files offers some relief, the leakage of foundational identity markers (SSNs, DOBs, addresses) is still devastating, as these cannot be easily changed or reset.
Evidence links the breach to campaigns exploiting OAuth misconfigurations in Salesforce-related environments. Security analysts attribute several of these attacks to the group UNC6395, while other sources suggest possible ties to ShinyHunters, a notorious hacking collective specializing in mass data theft and resale on dark web marketplaces.
The technical vector appears to involve:
This reflects a growing supply-chain attack paradigm, where trusted SaaS tools become the weak link in otherwise secure organizations.
Under data protection laws in Texas and Maine, TransUnion filed formal breach notifications. Other states are expected to follow. Impacted consumers are being offered two years of free credit monitoring and identity theft protection.
However, regulators may scrutinize whether TransUnion:
The breach may further accelerate calls for federal-level U.S. data privacy laws — a long-debated gap compared to the GDPR in Europe.

148 malicious npm packages masquerading as student proxy and school Wi-Fi bypass tools. Rather than compromising developers during installation